subject:"Bug#849830\: \[src\:digikam\] Some sources are not included in your package"

Bug#849830: [Pkg-kde-extras] Bug#849830: Bug#849830: [src:digikam] Some sources are not included in your package

2017-01-02 Thread Scott Kitterman



On January 2, 2017 11:17:43 AM EST, Steve Robbins  wrote:
>On Sunday, January 1, 2017 2:29:37 AM CST you wrote:
>> On Sunday, January 01, 2017 12:59:08 AM Steve Robbins wrote:
>> > On Saturday, December 31, 2016 10:06:37 PM CST you wrote:
>
>> > No part of the resulting binary package comes from files that are
>not in
>> > their intended form of modification.  I acknowledge there are extra
>> > non-source files in the source tarball *that are not used* to
>create the
>> > binary.
>> 
>> Speaking as a member of the FTP team, the source needs to be DFSG
>free to be
>> in Main.  Regardless of if it's used in the binary.
>
>To take that position, you need to redefine "source" as essentially any
>file in 
>the upstream tarball, regardless of whether it is used to produce the
>binary 
>packages.   I think most people -- myself included -- would equate
>"source" 
>with "files that are used to produce the binary distribution" (and, for
>
>avoidance of doubt, this includes config files, doc files used to
>produce -doc 
>packages, etc).
>
>Taking your stronger view requires creating a debian-specific "source"
>tarball 
>that pragmatically gains no extra freedom for the users. 
>
>Moreover I don't find that definition in the DFSG, which says only
>that: "The 
>program must include source code, and must allow distribution in source
>code 
>as well as compiled form."
>
>> > > In some cases this could also constitute a license violation for
>some
>> > > copyleft licenses such as the GNU GPL. (While sometimes the
>licence
>> > > allows not to ship the source, the DFSG always mandates source
>code.)
>> > 
>> > It requires all sources required to create the binary.  Digikam
>meets this
>> > test.
>> 
>> No.  It doesn't.  This is a valid bug and one that's not hard to fix.
>
>The GPL defines  “source code” as "the preferred form of the work for
>making 
>modifications to it."   The requirement is that if you provide a
>covered work, 
>you must also provide the source.  There is no restriction in the GPL
>that 
>forbids extraneous non-source files from being provided in the same
>tarball.  
>So, yes: Debian's Digikam meets the GPL requirements.

I never said it wasn't GPL compliant.

What I am giving you is the FTP team position on DFSG as it relates to source 
packages.  As it stands, the source package contains sourceless binary code and 
that is specifically not allowed in Main.  The fact that Debian is distributing 
it in a part of the main archive called source doesn't remove the requirement 
to provide source (i.e. preferred form for modification).

We've also specifically considered minified JavaScript and determined it is not 
the source for DFSG purposes.

Scott K

Bug#849830: [Pkg-kde-extras] Bug#849830: [src:digikam] Some sources are not included in your package

2017-01-02 Thread Steve Robbins

On Sunday, January 1, 2017 2:29:37 AM CST you wrote:
> On Sunday, January 01, 2017 12:59:08 AM Steve Robbins wrote:
> > On Saturday, December 31, 2016 10:06:37 PM CST you wrote:

> > No part of the resulting binary package comes from files that are not in
> > their intended form of modification.  I acknowledge there are extra
> > non-source files in the source tarball *that are not used* to create the
> > binary.
> 
> Speaking as a member of the FTP team, the source needs to be DFSG free to be
> in Main.  Regardless of if it's used in the binary.

To take that position, you need to redefine "source" as essentially any file in 
the upstream tarball, regardless of whether it is used to produce the binary 
packages.   I think most people -- myself included -- would equate "source" 
with "files that are used to produce the binary distribution" (and, for 
avoidance of doubt, this includes config files, doc files used to produce -doc 
packages, etc).

Taking your stronger view requires creating a debian-specific "source" tarball 
that pragmatically gains no extra freedom for the users. 

Moreover I don't find that definition in the DFSG, which says only that: "The 
program must include source code, and must allow distribution in source code 
as well as compiled form."

> > > In some cases this could also constitute a license violation for some
> > > copyleft licenses such as the GNU GPL. (While sometimes the licence
> > > allows not to ship the source, the DFSG always mandates source code.)
> > 
> > It requires all sources required to create the binary.  Digikam meets this
> > test.
> 
> No.  It doesn't.  This is a valid bug and one that's not hard to fix.

The GPL defines  “source code” as "the preferred form of the work for making 
modifications to it."   The requirement is that if you provide a covered work, 
you must also provide the source.  There is no restriction in the GPL that 
forbids extraneous non-source files from being provided in the same tarball.  
So, yes: Debian's Digikam meets the GPL requirements.

-Steve

signature.asc
Description: This is a digitally signed message part.

Bug#849830: [src:digikam] Some sources are not included in your package

2017-01-02 Thread roucaries bastien

On Sun, Jan 1, 2017 at 7:59 AM, Steve Robbins  wrote:
> On Saturday, December 31, 2016 10:06:37 PM CST you wrote:
>
>> your package includes some files that seem to lack sources
>> in preferred forms of modification (even if removed during clean target).
>
> No part of the resulting binary package comes from files that are not in their
> intended form of modification.  I acknowledge there are extra non-source files
> in the source tarball *that are not used* to create the binary.

Yes but it fail dfsg
>
>> According to Debian Free Software Guidelines [1] (DFSG) #2:
>>  "The program must include source code, and must allow distribution
>>   in source code as well as compiled form."
>
> Digikam meets this test.

No minified javascript are not source
>
>> In some cases this could also constitute a license violation for some
>> copyleft licenses such as the GNU GPL. (While sometimes the licence
>> allows not to ship the source, the DFSG always mandates source code.)
>
> It requires all sources required to create the binary.  Digikam meets this
> test.

Please ask debian-qa or ftpmaster but you should repack

> -Steve

Bug#849830: [Pkg-kde-extras] Bug#849830: [src:digikam] Some sources are not included in your package

2016-12-31 Thread Scott Kitterman

On Sunday, January 01, 2017 12:59:08 AM Steve Robbins wrote:
> On Saturday, December 31, 2016 10:06:37 PM CST you wrote:
> > your package includes some files that seem to lack sources
> > in preferred forms of modification (even if removed during clean target).
> 
> No part of the resulting binary package comes from files that are not in
> their intended form of modification.  I acknowledge there are extra
> non-source files in the source tarball *that are not used* to create the
> binary.

Speaking as a member of the FTP team, the source needs to be DFSG free to be 
in Main.  Regardless of if it's used in the binary.

> > According to Debian Free Software Guidelines [1] (DFSG) #2:
> >  "The program must include source code, and must allow distribution
> >  
> >   in source code as well as compiled form."
> 
> Digikam meets this test.

Binaries yes, source no.

> > In some cases this could also constitute a license violation for some
> > copyleft licenses such as the GNU GPL. (While sometimes the licence
> > allows not to ship the source, the DFSG always mandates source code.)
> 
> It requires all sources required to create the binary.  Digikam meets this
> test.

No.  It doesn't.  This is a valid bug and one that's not hard to fix.

Scott K

Bug#849830: [src:digikam] Some sources are not included in your package

2016-12-31 Thread Steve Robbins

On Saturday, December 31, 2016 10:06:37 PM CST you wrote:

> your package includes some files that seem to lack sources
> in preferred forms of modification (even if removed during clean target).

No part of the resulting binary package comes from files that are not in their 
intended form of modification.  I acknowledge there are extra non-source files 
in the source tarball *that are not used* to create the binary.

> According to Debian Free Software Guidelines [1] (DFSG) #2:
>  "The program must include source code, and must allow distribution
>   in source code as well as compiled form."

Digikam meets this test.

> In some cases this could also constitute a license violation for some
> copyleft licenses such as the GNU GPL. (While sometimes the licence
> allows not to ship the source, the DFSG always mandates source code.)

It requires all sources required to create the binary.  Digikam meets this 
test.

-Steve

signature.asc
Description: This is a digitally signed message part.

Bug#849830: [src:digikam] Some sources are not included in your package

2016-12-31 Thread Bastien ROUCARIÈS

Package: src:digikam
Version: 4:5.3.0-1
user: lintian-ma...@debian.org
usertags: source-is-missing
severity: serious
X-Debbugs-CC: ftpmas...@debian.org

Hi,

your package includes some files that seem to lack sources
in preferred forms of modification (even if removed during clean target).
I have copied the lintian override that is bogus

# The following two files are removed in clean target, so not part of the 
build.
digikam source: source-is-missing core/data/about/js/bootstrap.min.js
digikam source: source-is-missing core/data/about/js/jquery.min.js


According to Debian Free Software Guidelines [1] (DFSG) #2:
 "The program must include source code, and must allow distribution 
  in source code as well as compiled form."

In some cases this could also constitute a license violation for some
copyleft licenses such as the GNU GPL. (While sometimes the licence
allows not to ship the source, the DFSG always mandates source code.)

In order to solve this problem, you could:
1.  add the source files to "debian/missing-sources" directory.
2. repack the origin tarball and add the missing source files to it.

Both way satisfy the requirement to ship all source code. The second option
might be preferable due to the following reasons [2]:
 - Upstream can do it too and you could even supply a patch to them, thus
   full filling our social contract [3], see particularly §2.
 - If source and non-source are in different locations, ftpmasters may
   miss the source and (needlessly) reject the package.
 - The source isn't duplicated in every .diff.gz/.debian.tar.* (though
   this only really matters for larger sources).

You could also ask debian...@lists.debian.org or #debian-qa for more
guidance.

[1] https://www.debian.org/social_contract.en.html#guidelines
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736873#8
[3] https://www.debian.org/social_contract


signature.asc
Description: This is a digitally signed message part.

Bug#849830: [Pkg-kde-extras] Bug#849830: Bug#849830: [src:digikam] Some sources are not included in your package

Bug#849830: [Pkg-kde-extras] Bug#849830: [src:digikam] Some sources are not included in your package

Bug#849830: [src:digikam] Some sources are not included in your package

Bug#849830: [Pkg-kde-extras] Bug#849830: [src:digikam] Some sources are not included in your package

Bug#849830: [src:digikam] Some sources are not included in your package

Bug#849830: [src:digikam] Some sources are not included in your package

6 matches

Site Navigation

Mail list logo

Footer information