On Fri, Aug 11, 2017 at 08:03:09AM -0400, Wouter Verhelst wrote: > If a free software implementation of the remote service exists that a > package can work with, then it can remain in main. If not, it cannot.
There are no free software server-side implementation of e.g. the ICQ protocol, as far as I know, but multiple client-side implementations in main. For that matter, there is no free software server-side implementation of QUIC, so I guess by that rule, Chromium should be in contrib as well. Pretty sure that there isn't any kind of consensus for any of that. As for certspotter, the conversation has derailed quite a bit -- in part because Jonas forwarded this to debian-project while stripping almost the entirety of my reply on the bug, then stripping again all of the context when days later, he started a new thread from scratch on debian-devel. Not cool. To clear things up: - certspotter is free software, and is used to check Certificate Transparency logs, notifying the user if any certificates in the wild have been observed matching a domain of theirs. - The author of certspotter also runs the SSLMate as a commercial offering, which hosts a version of certspotter for anyone to use. It's free for up to 5 domains, then charging for more, for presumably larger enterprises (but these can still opt to run it themselves, using certspotter). The SSLMate website, in the menu under "Cert Spotter", has "Pricing", "API", "Open Source", in that order, with the latter pointing to the GitHub page of certspotter. - People called SSLMate "non-free" and objected to the certspotter description pointing to it. While it is true that it is non-free to some extent, as the web dashboard and code that glues certspotter to it isn't free (AFAIK), the most interesting and complicated part of it (a pretty flexible CT log client) is. - certspotter does not connect to SSLMate in any way. certspotter (either the one locally installed, or the one run by SSLMate) connect to the various CT Logs run by CAs, Google etc. In fact, it connects to the same CT log servers that Chromium does. - Certificate Transparency is an IETF protocol (RFC 6962) and is implemented, as a client, by both Chromium and Firefox. Google has released a a number of freely licensed client libraries, as well as their reference implementation of the CT Log server. Even if the blanket rule that Wouter mentioned existed, certspotter would satisfy it. - I don't have any personal or business connection to SSLMate or certspotter, other than using the software and maintaining the package. I haven't communicated with my upstream about this issue either and my comment on the bug report are just my views. I just want to be fair to a nice upstream, who has graciously released part of their business as free (as in speech and as in beer) software, for anyone to use instead of using their service. I read both of the threads so far (sadly, as most of it was offtopic and a waste of precious DebCamp/DebConf time) and from all the suggestions, I really appreciated and valued Chris Lamb's response about dropping the "requires zero setup" bit. I intend to drop that part on the next upload, whenever that happens. Regards, Faidon
