Re: Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-22 Thread Bagas Sanjaya

> This applies to any program which downloads ads from the
> network at runtime.  Serious problems with this:
>
>   * We don't know what ads might be displayed and whether we would
>     think them inappropriate, offensive, legally risky, or whatever.
>
>   * Downloading ads at runtime is a security risk: it exposes the
>     software which has to display them to a very wide array of actors.
>     This is a bad idea (and one reason why you should run your web
>     browser with a good adblocker).
>
>   * Downloading ads at runtime is a privacy violation, because it
>     allows the ad server to see who is using the program.
>     (This is the concern mentioned by Simon.)

If ZZZ (hypothetical program/package) also contains video ads, such ads
must be downloaded at runtime, which can cost more bandwidth than
traditional (image) ads. Although more engaging, it can eat up system
resources if too many ads are in the program.




Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-21 Thread Fernando Toledo
On 20/6/19 at 11:14, Jason Crain wrote:
> On Thu, Jun 20, 2019 at 07:54:38PM +0700, Bagas Sanjaya wrote:
>> Such ads is displayed only when users have Internet connection, and there is
>> no way to patch ZZZ in order to remove ads (or we have to buy "pro" version
>> which doesn't contain ads and adds more features).
> 
> If it's free software, meaning it is freely modifiable and
> redistributable, how is there no "no way to patch ZZZ in order to remove
> ads"?
> 
Agree. Please, no software with ads!
I do not want my computer to be transformed into an Android phone.

If you cannot patch, it's not free software.

Regards!
-- 
Fernando Toledo
Dock Sud BBS
http://bbs.docksud.com.ar
telnet://bbs.docksud.com.ar



Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Henrique de Moraes Holschuh
On Thu, 20 Jun 2019, Samuel Thibault wrote:
> Bagas Sanjaya, on Thu, 20 Jun 2019 20:16:08 +0700, wrote:
> > On 20/06/19 20.11, W. Martin Borgert wrote:
> > > Quoting Bagas Sanjaya :
> > > > Such ads is displayed only when users have Internet connection, and
> > > > there is no way to patch ZZZ in order to remove ads (or we have to
> > > > buy "pro" version which doesn't contain ads and adds more features).
> > > 
> > > So it's not free software anyway and does not belong to Debian main.
> > > It might be suitable for non-free, but I wonder whether it's worth
> > > the trouble to package it.
> > > 
> > Is it implied that all programs which contain ads are non-free and not
> > suitable for Debian main?
> > 
> > But ZZZ hypothetical package licensed under DFSG-compliant license (such as
> > GPL).
> 
> The concern here is "there is no way to patch ZZZ in order to". If there
> is no way to make the program do what you want, it is not free.

And if there is a [legal, license-compliant] way, but it would raise
major stink with upstream, we don't package it either even if it is
DFSG-compliant.

Not everything that complies to the DFSG is *desirable* in Debian, you
can always package it for your own use, obviously, but don't upload it.

NOTE: unobtrusive, static, non-obnoxious "please donate" messages in a
splash screen at program startup are *NOT* the same as "ad displaying":
we pretty much tolerate such static requests for contributions from
upstream without any fuss.  For one, they're not a security risk, and
also not a privacy risk, unlike anything that downloads advertisements
when it can.

NOTE2: if upstream is fine with the full removal of the advertising
engine and the license allows it then it would be ok to remove it and
upload to Debian with the advertisement engine removed.

-- 
  Henrique Holschuh



Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Chris Lamb
Jason Crain wrote:

> > Such ads is displayed only when users have Internet connection, and there is
> > no way to patch ZZZ in order to remove ads (or we have to buy "pro" version
> > which doesn't contain ads and adds more features).
> 
> If it's free software, meaning it is freely modifiable and
> redistributable, how is there no "no way to patch ZZZ in order to remove
> ads"?

Indeed, and I fully +1 all the other sentiments regarding privacy &
network access etc., only sardonically adding that such advertisements
are typically unspeakably unsightly and surely have no place in our
distribution on those grounds alone.

However, as a refinement — or perhaps to get the last remaining "extra
credit" in this thread which appears to be reaching consensus — note
that there are some licenses that ask you to redistribute changed
copies under a different name. Thus depending on your definition of
what ZZZ "is" (as well as how pedantic you are feeling at the time)
there are indeed "soft" ways of having such a "no way to patch ZZZ"
clause that «prima facie» appears to be non-free.

Most notably from a Debian point of view would be:

  
https://en.wikipedia.org/wiki/LaTeX_Project_Public_License#Unique_features_of_the_license
  

Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-



Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Jason Crain
On Thu, Jun 20, 2019 at 07:54:38PM +0700, Bagas Sanjaya wrote:
> Such ads is displayed only when users have Internet connection, and there is
> no way to patch ZZZ in order to remove ads (or we have to buy "pro" version
> which doesn't contain ads and adds more features).

If it's free software, meaning it is freely modifiable and
redistributable, how is there no "no way to patch ZZZ in order to remove
ads"?



Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Yao Wei (魏銘廷)
Hi,

> Bagas Sanjaya wrote on 20 June 2019 at 20:54:
> 
> Such ads is displayed only when users have Internet connection, and there is 
> no way to patch ZZZ in order to remove ads (or we have to buy "pro" version 
> which doesn't contain ads and adds more features).


As a DFSG-free software it should be possible per license agreement. We can 
review the license for that.

Could you file a RFP for the exact software you would like to package?  We 
would like to see where the problem is.

Yao Wei

(This email is sent from a phone; sorry for HTML email if it happens.)

Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Samuel Thibault
Bagas Sanjaya, on Thu, 20 Jun 2019 20:16:08 +0700, wrote:
> 
> On 20/06/19 20.11, W. Martin Borgert wrote:
> > Quoting Bagas Sanjaya :
> > > Such ads is displayed only when users have Internet connection, and
> > > there is no way to patch ZZZ in order to remove ads (or we have to
> > > buy "pro" version which doesn't contain ads and adds more features).
> > 
> > So it's not free software anyway and does not belong to Debian main.
> > It might be suitable for non-free, but I wonder whether it's worth
> > the trouble to package it.
> > 
> Is it implied that all programs which contain ads are non-free and not
> suitable for Debian main?
> 
> But ZZZ hypothetical package licensed under DFSG-compliant license (such as
> GPL).

The concern here is "there is no way to patch ZZZ in order to". If there
is no way to make the program do what you want, it is not free.

Samuel



Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Bagas Sanjaya



On 20/06/19 20.11, W. Martin Borgert wrote:
> Quoting Bagas Sanjaya :
> > Such ads is displayed only when users have Internet connection, and
> > there is no way to patch ZZZ in order to remove ads (or we have to
> > buy "pro" version which doesn't contain ads and adds more features).
>
> So it's not free software anyway and does not belong to Debian main.
> It might be suitable for non-free, but I wonder whether it's worth
> the trouble to package it.

Is it implied that all programs which contain ads are non-free and not
suitable for Debian main?

But ZZZ hypothetical package licensed under DFSG-compliant license (such
as GPL).




Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Bagas Sanjaya



On 20/06/19 15.49, W. Martin Borgert wrote:
> Quoting Bagas Sanjaya :
> > Suppose that an upstream has released a program which its license
> > conforms to DFSG (named ZZZ), but when I test it, ads placed by the
> > upstream appear (such as pop up ads). Since ads can affect user
> > experience of ZZZ, but at the same time the upstream get paid by ad
> > networks which he place the ads into ZZZ, would it acceptable to
> > package ZZZ for Debian?
>
> Side question, because you mention "ad networks":
> Does showing the ad involve a potential privacy violation?
> I.e. does showing the ad involve any network traffic,
> leaking the user's IP address?
> If so, I strongly suggest to patch ZZZ accordingly.
>
> Otherwise, I would leave it to the package maintainer,
> whether they like to disable the ad or not,
> but that's more a question for debian-le...@lists.debian.org.

Such ads is displayed only when users have Internet connection, and
there is no way to patch ZZZ in order to remove ads (or we have to buy
"pro" version which doesn't contain ads and adds more features).




Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread W. Martin Borgert

Quoting Bagas Sanjaya :
> Such ads is displayed only when users have Internet connection, and
> there is no way to patch ZZZ in order to remove ads (or we have to
> buy "pro" version which doesn't contain ads and adds more features).


So it's not free software anyway and does not belong to Debian main.
It might be suitable for non-free, but I wonder whether it's worth
the trouble to package it.



Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Ian Jackson
Simon McVittie writes ("Re: Programs contain ads - acceptable for packaging for Debian?"):
> On Thu, 20 Jun 2019 at 13:15:26 +0700, Bagas Sanjaya wrote:
> > Suppose that an upstream has released a program which its license conforms
> > to DFSG (named ZZZ), but when I test it, ads placed by the upstream appear
> > (such as pop up ads). Since ads can affect user experience of ZZZ, but at
> > the same time the upstream get paid by ad networks which he place the ads
> > into ZZZ, would it acceptable to package ZZZ for Debian?
> 
> Personal opinion only:
> 
> If the ads give a third-party ad network the opportunity to track the
> users of ZZZ, then I'd consider that to be an important bug, and it
> would not be appropriate to package ZZZ without removing them (assuming
> the license allows for that, which it should if it is DFSG-compliant).

I agree.  This applies to any program which downloads ads from the
network at runtime.  Serious problems with this:

 * We don't know what ads might be displayed and whether we would
   think them inappropriate, offensive, legally risky, or whatever.

 * Downloading ads at runtime is a security risk: it exposes the
   software which has to display them to a very wide array of actors.
   This is a bad idea (and one reason why you should run your web
   browser with a good adblocker).

 * Downloading ads at runtime is a privacy violation, because it
   allows the ad server to see who is using the program.
   (This is the concern mentioned by Simon.)

So I think ZZZ should be patched to not download ads from the network.

It would be polite to have a conversation with upstream about this,
and we in Debian would always strive to be polite, but if ZZZ is free
software then we do not need upstream's permission.

Ian.

-- 
Ian Jackson   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.



Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread W. Martin Borgert

Quoting Jonathan Carter :
> It seems clear-cut enough that it doesn't really need advice from
> debian-legal. If it's free software then a maintainer is free to patch
> out any behaviour of the app that's intrusive or otherwise undesirable.
> If the license of the software doesn't allow that, then it's highly
> likely that the software doesn't belong in main.


I probably was not clear, why I suggest to consult -legal.
The question about ZZZ is not only, whether the license is free,
but ads impose other legal questions, too.
E.g. in some countries ads for tobacco products are not allowed.
Debian cannot know nor conform to every single law in all countries
of the world, but in such a case, I would discuss things first.
It's different from asking for a donation to upstream.



Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Jonathan Carter
On 2019/06/20 10:49, W. Martin Borgert wrote:
> Otherwise, I would leave it to the package maintainer,
> whether they like to disable the ad or not,
> but that's more a question for debian-le...@lists.debian.org.

It seems clear-cut enough that it doesn't really need advice from
debian-legal. If it's free software then a maintainer is free to patch
out any behaviour of the app that's intrusive or otherwise undesirable.
If the license of the software doesn't allow that, then it's highly
likely that the software doesn't belong in main.

-Jonathan

-- 
  ⢀⣴⠾⠻⢶⣦⠀  Jonathan Carter (highvoltage) 
  ⣾⠁⢠⠒⠀⣿⡁  Debian Developer - https://wiki.debian.org/highvoltage
  ⢿⡄⠘⠷⠚⠋   https://debian.org | https://jonathancarter.org
  ⠈⠳⣄  Be Bold. Be brave. Debian has got your back.



Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Simon McVittie
On Thu, 20 Jun 2019 at 13:15:26 +0700, Bagas Sanjaya wrote:
> Suppose that an upstream has released a program which its license conforms
> to DFSG (named ZZZ), but when I test it, ads placed by the upstream appear
> (such as pop up ads). Since ads can affect user experience of ZZZ, but at
> the same time the upstream get paid by ad networks which he place the ads
> into ZZZ, would it acceptable to package ZZZ for Debian?

Personal opinion only:

If the ads give a third-party ad network the opportunity to track the
users of ZZZ, then I'd consider that to be an important bug, and it
would not be appropriate to package ZZZ without removing them (assuming
the license allows for that, which it should if it is DFSG-compliant).

Requesting donations in a way that does not contact the internet unless
the user takes action to do so (such as the text hyperlink to Flattr in
ikiwiki's file:///usr/share/doc/ikiwiki/html/index.html) seems fine.

Anything between those is less well-defined and would have to be looked
at case-by-case.

smcv



Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread W. Martin Borgert

Quoting Bagas Sanjaya :
> Suppose that an upstream has released a program which its license
> conforms to DFSG (named ZZZ), but when I test it, ads placed by the
> upstream appear (such as pop up ads). Since ads can affect user
> experience of ZZZ, but at the same time the upstream get paid by ad
> networks which he place the ads into ZZZ, would it acceptable to
> package ZZZ for Debian?

Side question, because you mention "ad networks":
Does showing the ad involve a potential privacy violation?
I.e. does showing the ad involve any network traffic,
leaking the user's IP address?
If so, I strongly suggest to patch ZZZ accordingly.

Otherwise, I would leave it to the package maintainer,
whether they like to disable the ad or not,
but that's more a question for debian-le...@lists.debian.org.



Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Russell Stuart
On Thu, 2019-06-20 at 13:15 +0700, Bagas Sanjaya wrote:
> Suppose that an upstream has released a program which its license 
> conforms to DFSG (named ZZZ), but when I test it, ads placed by the 
> upstream appear (such as pop up ads). Since ads can affect user 
> experience of ZZZ, but at the same time the upstream get paid by ad 
> networks which he place the ads into ZZZ, would it acceptable to
> package ZZZ for Debian?

I don't know whether it's relevant to your question, but we already
have software in Debian that displays pop-up ads.  Zoneminder displays
a pop-up nag for donations.  You can turn it off, but unless you delve
into raw SQL hackery of the underlying DB you will see it at least
once.



Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Jerome BENOIT
Hello, Bagas

On 20/06/2019 10:15, Bagas Sanjaya wrote:
> Hello Debian Developers,
> 
> Suppose that an upstream has released a program which its license conforms to 
> DFSG (named ZZZ), but when I test it, ads placed by the upstream appear (such 
> as pop up ads). Since ads can affect user experience of ZZZ, but at the same 
> time the upstream get paid by ad networks which he place the ads into ZZZ, 
> would it acceptable to package ZZZ for Debian?
> 

This is a legal issue: please visit https://www.debian.org/legal/

hth,
Jerome

> Regards, Bagas
> 

-- 
Jerome BENOIT | calculus+at-rezozer^dot*net
https://qa.debian.org/developer.php?login=calcu...@rezozer.net
AE28 AE15 710D FF1D 87E5  A762 3F92 19A6 7F36 C68B





Programs contain ads - acceptable for packaging for Debian?

2019-06-20 Thread Bagas Sanjaya

Hello Debian Developers,

Suppose that an upstream has released a program which its license 
conforms to DFSG (named ZZZ), but when I test it, ads placed by the 
upstream appear (such as pop up ads). Since ads can affect user 
experience of ZZZ, but at the same time the upstream get paid by ad 
networks which he place the ads into ZZZ, would it acceptable to package 
ZZZ for Debian?


Regards, Bagas