Package: piwigo
Severity: serious
Tags: upstream
Justification: Policy 2.2.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hello,
I found that the file include/template.class.php, which is a rename of the more
known jsmin.php [1] which is a rewriting in PHP of jsmin.c [2].
[1] https://github.com/douglascrockford/JSMin
[2] http://www.crockford.com/javascript/jsmin.html
The problem, which has already struck Google Code [3], Fedora [4] and Debian
for other packages that included jsmin.php, is that this code uses a non-free
license, in the form of a MIT/Expat license with one additional morality
clause:
> The Software shall be used for Good, not Evil.
[3] http://wonko.com/post/jsmin-isnt-welcome-on-google-code
[4] https://bugzilla.redhat.com/show_bug.cgi?id=455507
And unfortunately, the original author of jsmin.c has strong ideas that make
him unwilling to change his license to conform to free software principles (the
DFSG in our case).
Since jsmin.php is only a JS minimizer, Piwigo should be able to work without
it with only a few modifications. I think that should take the form of a source
tarball repacking and a Debian-specific patch making jsmin facultative (that
is, if jsmin.php is not available, do not use it), but that patch could be
integrated upstream.
Regards,
- --
Tanguy Ortolo
- -- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCgAGBQJPU0bMAAoJEOryzVHFAGgZlfUP/jj+po0y0lj7ZPZzbyegmsK8
DpI0D/2DVjACLSMO4tQpi7YZFXX3umuoXSVQ8KkGOnvsOiCGetF9Tw2tmfEsbnCL
k7GgochTYCK3hZSyJzcEd0tx2GOZNEPLQegYW50GStyvht1eCWrHwYyYdze0THvW
whNohNO5AaeepkLMlRPleNQpRCBMSaSXu0k66uIANRQisEVIrehgz4iedR3jeKD/
lzYCtCw5/zp8UR2IRQR7HotMxoBfhVswvGg9EKX2yHKx5awt5Q3harFU7TkGe7eQ
aF1UDtDC/7USC0lwgqJKwXq9pIX0lO2+bu1+V0p4Jz77H462piPnIayttJEy6iWu
m+ATrpNxraQ7XPO5u6VzwCUCcJNNnOW0yPbE67oaaN5pJUp2NyD0kHc6ZcagcD8U
3VYnYjjdoeeO9BdsB02E180BbNbl3cNwSun2QIYGfH9J1yWeqNpEw204BYJapgQm
BJacTrkbctsdRWpkfrKJ67b8i4v6KaqAkuosFH2w12+YCmNUSC3PKtWyiBsNe6m8
KRJZ9DZdug0izYwhIODhHuXR4ZoJ1yK6MZJH2Lu9Bo6Ce8/eN6pHqyHIDg5IIY66
XVKP+V8rD7VsX8vr6O5LUtHqT4I38gStqO7cO586wZCymr679XNvVF23aE/Gi2rC
7ecHcrlpyrpezsO7cOBq
=5vad
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
