Package: piwigo Severity: serious Tags: upstream Justification: Policy 2.2.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, I found that the file include/template.class.php, which is a rename of the more known jsmin.php [1] which is a rewriting in PHP of jsmin.c [2]. [1] https://github.com/douglascrockford/JSMin [2] http://www.crockford.com/javascript/jsmin.html The problem, which has already struck Google Code [3], Fedora [4] and Debian for other packages that included jsmin.php, is that this code uses a non-free license, in the form of a MIT/Expat license with one additional morality clause: > The Software shall be used for Good, not Evil. [3] http://wonko.com/post/jsmin-isnt-welcome-on-google-code [4] https://bugzilla.redhat.com/show_bug.cgi?id=455507 And unfortunately, the original author of jsmin.c has strong ideas that make him unwilling to change his license to conform to free software principles (the DFSG in our case). Since jsmin.php is only a JS minimizer, Piwigo should be able to work without it with only a few modifications. I think that should take the form of a source tarball repacking and a Debian-specific patch making jsmin facultative (that is, if jsmin.php is not available, do not use it), but that patch could be integrated upstream. Regards, - -- Tanguy Ortolo - -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCgAGBQJPU0bMAAoJEOryzVHFAGgZlfUP/jj+po0y0lj7ZPZzbyegmsK8 DpI0D/2DVjACLSMO4tQpi7YZFXX3umuoXSVQ8KkGOnvsOiCGetF9Tw2tmfEsbnCL k7GgochTYCK3hZSyJzcEd0tx2GOZNEPLQegYW50GStyvht1eCWrHwYyYdze0THvW whNohNO5AaeepkLMlRPleNQpRCBMSaSXu0k66uIANRQisEVIrehgz4iedR3jeKD/ lzYCtCw5/zp8UR2IRQR7HotMxoBfhVswvGg9EKX2yHKx5awt5Q3harFU7TkGe7eQ aF1UDtDC/7USC0lwgqJKwXq9pIX0lO2+bu1+V0p4Jz77H462piPnIayttJEy6iWu m+ATrpNxraQ7XPO5u6VzwCUCcJNNnOW0yPbE67oaaN5pJUp2NyD0kHc6ZcagcD8U 3VYnYjjdoeeO9BdsB02E180BbNbl3cNwSun2QIYGfH9J1yWeqNpEw204BYJapgQm BJacTrkbctsdRWpkfrKJ67b8i4v6KaqAkuosFH2w12+YCmNUSC3PKtWyiBsNe6m8 KRJZ9DZdug0izYwhIODhHuXR4ZoJ1yK6MZJH2Lu9Bo6Ce8/eN6pHqyHIDg5IIY66 XVKP+V8rD7VsX8vr6O5LUtHqT4I38gStqO7cO586wZCymr679XNvVF23aE/Gi2rC 7ecHcrlpyrpezsO7cOBq =5vad -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org