Simon McVittie writes ("Re: Programs contain ads - acceptable for packaging for Debian?"): > On Thu, 20 Jun 2019 at 13:15:26 +0700, Bagas Sanjaya wrote: > > Suppose that an upstream has released a program which its license conforms > > to DFSG (named ZZZ), but when I test it, ads placed by the upstream appear > > (such as pop up ads). Since ads can affect user experience of ZZZ, but at > > the same time the upstream get paid by ad networks which he place the ads > > into ZZZ, would it acceptable to package ZZZ for Debian? > > Personal opinion only: > > If the ads give a third-party ad network the opportunity to track the > users of ZZZ, then I'd consider that to be an important bug, and it > would not be appropriate to package ZZZ without removing them (assuming > the license allows for that, which it should if it is DFSG-compliant).
I agree. This applies to any program which downloads ads from the network at runtime. Serious problems with this: * We don't know what ads might be displayed and whether we would think them inappropriate, offensive, legally risky, or whatever. * Downloading ads at runtime is a security risk: it exposes the software which has to display them to a very wide array of actors. This is a bad idea (and one reason why you should run your web browser with a good adblocker). * Downloading ads at runtime is a privacy violation, because it allows the ad server to see who is using the program. (This is the concern mentioned by Simon.) So I think ZZZ should be patched to not download ads from the network. It would be polite to have a conversation with upstream about this, and we in Debian would always strive to be polite, but if ZZZ is free software then we do not need upstream's permission. Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.