Bug#849830: [Pkg-kde-extras] Bug#849830: Bug#849830: [src:digikam] Some sources are not included in your package
On January 2, 2017 11:17:43 AM EST, Steve Robbins wrote: >On Sunday, January 1, 2017 2:29:37 AM CST you wrote: >> On Sunday, January 01, 2017 12:59:08 AM Steve Robbins wrote: >> > On Saturday, December 31, 2016 10:06:37 PM CST you wrote: > >> > No part of the resulting binary package comes from files that are >not in >> > their intended form of modification. I acknowledge there are extra >> > non-source files in the source tarball *that are not used* to >create the >> > binary. >> >> Speaking as a member of the FTP team, the source needs to be DFSG >free to be >> in Main. Regardless of if it's used in the binary. > >To take that position, you need to redefine "source" as essentially any >file in >the upstream tarball, regardless of whether it is used to produce the >binary >packages. I think most people -- myself included -- would equate >"source" >with "files that are used to produce the binary distribution" (and, for > >avoidance of doubt, this includes config files, doc files used to >produce -doc >packages, etc). > >Taking your stronger view requires creating a debian-specific "source" >tarball >that pragmatically gains no extra freedom for the users. > >Moreover I don't find that definition in the DFSG, which says only >that: "The >program must include source code, and must allow distribution in source >code >as well as compiled form." > >> > > In some cases this could also constitute a license violation for >some >> > > copyleft licenses such as the GNU GPL. (While sometimes the >licence >> > > allows not to ship the source, the DFSG always mandates source >code.) >> > >> > It requires all sources required to create the binary. Digikam >meets this >> > test. >> >> No. It doesn't. This is a valid bug and one that's not hard to fix. > >The GPL defines “source code” as "the preferred form of the work for >making >modifications to it." The requirement is that if you provide a >covered work, >you must also provide the source. There is no restriction in the GPL >that >forbids extraneous non-source files from being provided in the same >tarball. >So, yes: Debian's Digikam meets the GPL requirements. I never said it wasn't GPL compliant. What I am giving you is the FTP team position on DFSG as it relates to source packages. As it stands, the source package contains sourceless binary code and that is specifically not allowed in Main. The fact that Debian is distributing it in a part of the main archive called source doesn't remove the requirement to provide source (i.e. preferred form for modification). We've also specifically considered minified JavaScript and determined it is not the source for DFSG purposes. Scott K
Bug#849830: [Pkg-kde-extras] Bug#849830: [src:digikam] Some sources are not included in your package
On Sunday, January 1, 2017 2:29:37 AM CST you wrote: > On Sunday, January 01, 2017 12:59:08 AM Steve Robbins wrote: > > On Saturday, December 31, 2016 10:06:37 PM CST you wrote: > > No part of the resulting binary package comes from files that are not in > > their intended form of modification. I acknowledge there are extra > > non-source files in the source tarball *that are not used* to create the > > binary. > > Speaking as a member of the FTP team, the source needs to be DFSG free to be > in Main. Regardless of if it's used in the binary. To take that position, you need to redefine "source" as essentially any file in the upstream tarball, regardless of whether it is used to produce the binary packages. I think most people -- myself included -- would equate "source" with "files that are used to produce the binary distribution" (and, for avoidance of doubt, this includes config files, doc files used to produce -doc packages, etc). Taking your stronger view requires creating a debian-specific "source" tarball that pragmatically gains no extra freedom for the users. Moreover I don't find that definition in the DFSG, which says only that: "The program must include source code, and must allow distribution in source code as well as compiled form." > > > In some cases this could also constitute a license violation for some > > > copyleft licenses such as the GNU GPL. (While sometimes the licence > > > allows not to ship the source, the DFSG always mandates source code.) > > > > It requires all sources required to create the binary. Digikam meets this > > test. > > No. It doesn't. This is a valid bug and one that's not hard to fix. The GPL defines “source code” as "the preferred form of the work for making modifications to it." The requirement is that if you provide a covered work, you must also provide the source. There is no restriction in the GPL that forbids extraneous non-source files from being provided in the same tarball. So, yes: Debian's Digikam meets the GPL requirements. -Steve signature.asc Description: This is a digitally signed message part.
Bug#849830: [src:digikam] Some sources are not included in your package
On Sun, Jan 1, 2017 at 7:59 AM, Steve Robbins wrote: > On Saturday, December 31, 2016 10:06:37 PM CST you wrote: > >> your package includes some files that seem to lack sources >> in preferred forms of modification (even if removed during clean target). > > No part of the resulting binary package comes from files that are not in their > intended form of modification. I acknowledge there are extra non-source files > in the source tarball *that are not used* to create the binary. Yes but it fail dfsg > >> According to Debian Free Software Guidelines [1] (DFSG) #2: >> "The program must include source code, and must allow distribution >> in source code as well as compiled form." > > Digikam meets this test. No minified javascript are not source > >> In some cases this could also constitute a license violation for some >> copyleft licenses such as the GNU GPL. (While sometimes the licence >> allows not to ship the source, the DFSG always mandates source code.) > > It requires all sources required to create the binary. Digikam meets this > test. Please ask debian-qa or ftpmaster but you should repack > -Steve
Bug#849830: [Pkg-kde-extras] Bug#849830: [src:digikam] Some sources are not included in your package
On Sunday, January 01, 2017 12:59:08 AM Steve Robbins wrote: > On Saturday, December 31, 2016 10:06:37 PM CST you wrote: > > your package includes some files that seem to lack sources > > in preferred forms of modification (even if removed during clean target). > > No part of the resulting binary package comes from files that are not in > their intended form of modification. I acknowledge there are extra > non-source files in the source tarball *that are not used* to create the > binary. Speaking as a member of the FTP team, the source needs to be DFSG free to be in Main. Regardless of if it's used in the binary. > > According to Debian Free Software Guidelines [1] (DFSG) #2: > > "The program must include source code, and must allow distribution > > > > in source code as well as compiled form." > > Digikam meets this test. Binaries yes, source no. > > In some cases this could also constitute a license violation for some > > copyleft licenses such as the GNU GPL. (While sometimes the licence > > allows not to ship the source, the DFSG always mandates source code.) > > It requires all sources required to create the binary. Digikam meets this > test. No. It doesn't. This is a valid bug and one that's not hard to fix. Scott K
Bug#849830: [src:digikam] Some sources are not included in your package
On Saturday, December 31, 2016 10:06:37 PM CST you wrote: > your package includes some files that seem to lack sources > in preferred forms of modification (even if removed during clean target). No part of the resulting binary package comes from files that are not in their intended form of modification. I acknowledge there are extra non-source files in the source tarball *that are not used* to create the binary. > According to Debian Free Software Guidelines [1] (DFSG) #2: > "The program must include source code, and must allow distribution > in source code as well as compiled form." Digikam meets this test. > In some cases this could also constitute a license violation for some > copyleft licenses such as the GNU GPL. (While sometimes the licence > allows not to ship the source, the DFSG always mandates source code.) It requires all sources required to create the binary. Digikam meets this test. -Steve signature.asc Description: This is a digitally signed message part.
Bug#849830: [src:digikam] Some sources are not included in your package
Package: src:digikam Version: 4:5.3.0-1 user: lintian-ma...@debian.org usertags: source-is-missing severity: serious X-Debbugs-CC: ftpmas...@debian.org Hi, your package includes some files that seem to lack sources in preferred forms of modification (even if removed during clean target). I have copied the lintian override that is bogus # The following two files are removed in clean target, so not part of the build. digikam source: source-is-missing core/data/about/js/bootstrap.min.js digikam source: source-is-missing core/data/about/js/jquery.min.js According to Debian Free Software Guidelines [1] (DFSG) #2: "The program must include source code, and must allow distribution in source code as well as compiled form." In some cases this could also constitute a license violation for some copyleft licenses such as the GNU GPL. (While sometimes the licence allows not to ship the source, the DFSG always mandates source code.) In order to solve this problem, you could: 1. add the source files to "debian/missing-sources" directory. 2. repack the origin tarball and add the missing source files to it. Both way satisfy the requirement to ship all source code. The second option might be preferable due to the following reasons [2]: - Upstream can do it too and you could even supply a patch to them, thus full filling our social contract [3], see particularly §2. - If source and non-source are in different locations, ftpmasters may miss the source and (needlessly) reject the package. - The source isn't duplicated in every .diff.gz/.debian.tar.* (though this only really matters for larger sources). You could also ask debian...@lists.debian.org or #debian-qa for more guidance. [1] https://www.debian.org/social_contract.en.html#guidelines [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736873#8 [3] https://www.debian.org/social_contract signature.asc Description: This is a digitally signed message part.