On Fri, Apr 27, 2012 at 11:33 AM, Amadeusz Żołnowski <aide...@gentoo.org> wrote: > > And this is probably the case when user has to accept a license on the > website. This is URL for zip archive of yEd-3.9.1: > > http://www.yworks.com/en/products_download.php?file=yEd-3.9.1.zip > > It directs to website with license text, check-box for accept and > download button. If check-box is not set, following message is shown: > > "In order to download yEd, it is necessary that you first accept the > license terms." > > If check-box is set, client is redirected to the page with actual link to > zip archive.
It turns out the vendor is lying - you can download it fine without accepting the license from: http://www.yworks.com/products/yed/demo/yEd-3.9.1.zip No doubt the vendor WANTS users to accept the license first, but it is not "necessary" from a technical standpoint. > > Moreover, I have had email conversation with yWorks representative and > he says that installation files need to be obtained manually by the end > users from their website. > Again, they likely intend for them to be obtained in this manner, but the word "need" is not true from a technical perspective. This brings up a debate that was recently held over deep-linking in bugzilla over a math library. The trustees never took a final vote since the maintainer decided to just implement RESTRICT=fetch. The issue there was about more than just copyright, however, and the trade regulations around munitions do not apply in this case. I don't think we have clear policy around this situation. I see our options as: 1. Set RESTRICT=fetch because upstream wants us to and we like to cooperate. 2. Set RESTRICT=fetch because even if legally they're on shaky ground upstream could probably waste a lot of our time and money. 3. Set RESTRICT=mirror because legally we think we have the right to do so, and want to stand for our principles and make life easier for our users. The potential upstream responses to doing #3 might be to do nothing, to not like us, to sue us, or to not use a fixed URL to distribute the file so that we have to restrict fetching for technical reasons. Do we as a matter of policy want to respect broken click-through download implementations? Rich
