Op woensdag 7 mei 2014 20:14:50 schreef Ben Finney: > Wouter Verhelst <wou...@debian.org> writes: > > Op vrijdag 2 mei 2014 15:58:37 schreef Paul Tagliamonte: > > > If you were to 'update' the image, how would you do it? What things > > > would you need? Include that. Think about what you'd need when you > > > fork the project. > > > > Does that mean I should include "wget"? > > I'm sure you know this, and I am having difficulty interpreting your > question in good faith. But in case you actually don't know:
I was speaking with tongue in cheek here. Of course I know. The point is, I'm having a hard time buying the argument that if the minified javascript was unmodified, and if the non-minified javascript library is in the archive (or a version of said javascript library which will function in exactly the same way), that the minified javascript is suddenly non-free because it does not contain the non-minified version in the *same* source tarball. The source is there. For the very same reason we accept built-using and *- source packages, I don't see a problem with having a minified javascript library in a source tarball *as long as the source is in Debian*, somewhere. The point of freedom is to allow people to make changes, not to have a pedantically correct version of every bit of source "out there". So long as people can make such changes without too much effort (and I submit that in the case of minified javascript libraries without non-minified version, they can), I don't see what the problem is. [...] > > Most minified externally-produced javascript files are just downloaded > > verbatim off the web. > > How can we verify which ones are verbatim copies, automatically for > every release of the source package? If you must, you could take a checksum and build a database of known- unmodified versions. I'm not convinced that's actually useful, however. [...] > > I agree with the sentiment that we should provide source "in Debian" > > for everything that's actually useful for our users. > > Do you agree that nobody except the recipient gets to decide what they > find useful? > > Or would you arrogate to the Debian project the power to deny the fact > that a recipient may find a Debian source package useful in itself? > > > If a dependency and a symlink exists, however, it's clear that the > > maintainer meant to say "source is over there". > > The maintainer may intend that to be true. Without independent automated > verification, we are merely guessing and hoping. We are merely guessing and hoping that most of the code in Debian is actually under the license terms as specified in the debian/copyright file, too. Yes, with machine-parseable copyright files you can make verifications as to whether the copyright file matches the copyright header in the file. That's still not a proof. > How can we verify > independently that no such assertion is false? I've described a means > that is certain and simple: discard the non-source form from the source > package. It is certainly a certain way of doing that, yes. It is also annoying for the maintainer involved, and should not be necessary. -- It is easy to love a country that is famous for chocolate and beer -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26