Stefano Zacchiroli wrote: >Another one that is worth mentioning here --- which I discussed in > the > context of non-free.org with Dafydd Harries and others --- is > introducing a debtags facet to capture the reason why a package is in > non-free.
I'd still say that solving that via debtags isn't actually solving the issue (which doesn't mean that it would be nice to have it in Debtags as well). I guess not all software which is in Debian an makes use of apt repos understands debtags, so until that is fixed (which easily takes forever as new packages that do business with apt repos arrive), there would be still "holes" through which non-open software could hit a system. And, as said before, it's far easier to accidentally forget setting the "this is closed source" debtag, than to move it to the wrong suite, the later would probably at least be checked by the ftp-masters, right? And even *if* it would work out, that all closed-source packages have the right debtag set and no apt package installs them, these packages would still show up, in package listings, perhaps when doing apt-get source and so on. Johannes Schauer wrote: > Also, can the reason why something is in non-free not be captured by > increased > and a more structured use of DEP-5 (machine-readable > debian/copyright)? > > Certainly I'd welcome support of apt for both: debtags *and* licenses > in > debian/copyright :) > > My own motivation to have better control over non-free is my package > ldraw-parts which is released under the "Creative Commons Attribution > Licence > version 2.0" and thus non-free. I can imagine that more people than > just me > would find that license acceptable enough. That sounds perhaps more like something for debtags, but this also doesn't have the security motivation as my proposal. You're package is likely less "worse" than non-free, while what I'd consider for "non-open" is "worse" than "non-free" (it's not even open). I'm not a Debian developer, does anyone here know or has some estimate, on what it would actually take in terms of effort to add another suite like the "non-open" (or "closed-source") I had proposed in the beginning? Are there any technical, organisational or other arguments against it? At least to me, though my knowledge may be too limited, it seemed like a proper solution to be able to have closed-source software in Debian repos in general, but also to be able to *completely* shut them out. And that seemed quite appealing, at least more than the debtags based approach. Thanks and best wishes, Philippe.
