On Wed, May 07, 2014 at 05:18:36PM +1000, Ben Finney wrote: > the problem is for the package maintainer to assert that *is* the > corresponding source for a particular work. > > We should not, IMO, accept such an assertion without an independently > verifiable guarantee that can be automated for each release of the > source package.
And that is precisely the disagreement. You say this is important, but there's no rule that requires it and others, including me, say that our time is better spent doing other things. I have no problem accepting the assertion. And if I do that, I see a generated file with what I believe to be its source, and there is no problem. What do you think about configure files? Should they all be removed, because we can never check if configure.ac really is the source (given all the different versions of the tools used to generate it)? What if things break and the maintainer fixes it by editing configure (not configure.ac, for whatever reason) by hand? Does that make the package non-free? I'm not opposed to cleaning every source package so it only uses what is really required for building the Debian package, but that is a big change from "don't touch upstream's tarball unless you really have to", and IMO a GR would be in order for such a big change. Thanks, Bas -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140507182238.gu10...@fmf.nl
