On 12-08-24 at 07:13pm, Russ Allbery wrote: > Ben Finney <ben+deb...@benfinney.id.au> writes: > > > It seems to me that the primary objection to the presence of these > > files without source is that they are then distributed as part of > > Debian, in the source package. That violates our social contract. > > The counter-argument from affected maintainers is that we *do* have > the source. It just happens to be in a different source package. We > even know that, because when we build the binary package we use the > version of the Javascript library derived from that other source > package. > > There is therefore no *actual* violation of the social contract here, > just an inadequacy of bookkeeping.
I see 2 issues here: 1) We have the source for the parts that we ship in binary packages, yes. We do not, however, necessarily have the actual source for the minified files unused for binary packages yet redistributed by us in source tarballs: Just as with autotools files we generally do not verify that these files has same source as the source we instead use for our binary packages. 2) Each source and binary package (+ core parts) is considered a legal entity of its own. That's why we can refer to licensing texts existing in common-licenses, but for e.g. Apache license cannot refer to the text shipped with Apache but must repeat that text in each package. So (build-)depending on other packages is not enough - the required source must exist either in same package or in a core package. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: Digital signature