Hi Matteo,

On Wed, Jun 29, 2011 at 06:36:05PM +0200, Matteo Cypriani wrote:
> On Wednesday 29 June 2011 18:14:14, Kilian Krause wrote:
> > On Wed, Jun 29, 2011 at 05:51:28PM +0200, Matteo Cypriani wrote:
> > > Yes, I thought this was not an issue because the binaries are small.
> > > I will try to negotiate with upstream a binary-free tarball, and if
> > > possible with the source DocBook file to generate the manpages, instead
> > > of including the useless PDF and HTML versions.
> > > If it is not possible for upstream, I'll repack
> >
> > it's not about "small" or "useful". It's about license and copyright.
>
> The license should be satisfied, since the source is shipped, no? It seems to
> me that it is a problem only if the binaries come from a modified, unshipped
> source (which I admit is not easily provable).

You may be right that the license is the same as the source. Yet it's a derived work that *may* be licensed differently depending on who did the build and what license he put onto his binary. That's why this has to be clarified for each and every file in a source package - even pictures, fonts, audio/video files and documentation like PDF have to have a license.

Moreover, that's why GFDL and others were written to overcome the problem that plain GPL does have with binary stuff - because the GPL more than others has a problem addressing non-source code, as it was never formulated to cover binaries (at least GPL-2). So the problem may in fact be that the binary is GPL but that cannot be satisfied with the formulation of the GPL terms.

> > Always. And sometimes about security and trustability.
>
> The binaries are not in the final package, so why would it be a security
> issue for the end-user?

And new upstream releases may consider it a wise thing to put certain wrappers in and make the install target ship one of the prebuilt binary blobs, which keeps the user's view totally untouched. Yet your package just got broken wrt. the DFSG. Would you notice?

Not to mention users who download the source and would believe the "other" binary is so much better than the one from the deb. How do you make sure this one does not have any backdoors compiled in?

The latter issues were more of illustrating nature though and not specifically with this case in mind.

--
Best regards,
Kilian