Bug#375894: kiax DFSGness not taken seriously
danchev at spnet.net
Wed Jun 28 20:30:17 UTC 2006
On Wednesday 28 June 2006 21:25, Santiago Garcia Mantinan wrote:
> Package: kiax
> Version: 0.8.51.dfsg-1-1
> Severity: serious
> We had a package that we knew was dfsg compliant, I had removed the lib
> stuff which had several license problems because of that and then renamed
> it to dfsg as we had agreed that it was dfsg compliant, now...
> I found of a bad taste that a new "dfsg" package was uploaded, as I had
> objected to the DFSGness of this new package, today I have looked at it
> more carefully and I found out what had been said before, please somebody
> correct me if I'm wrong, but...
Unfortunaly there was a bug in the sed'ish code which was not ready to cope
with dfsg-[0-9]-[0-9]. I've just fixed that in svn. That last 0.8.51.dfsg-1-1
changelog entry caused that repackaing faulire and failed tarball
sanitization because we did realized (hi Mark ;-) we need a new dfsg tarball
version (-1-1) after the upload has been rejected by debian installer because
of the md5sum mismatch:
That was not intended, that was a programming mistake.
> 1- the echo cancellation stuff doesn't have a license we can use to say
> it's free, this has been discussed before (see Emil Stoyanov  message to
> the list) and I didn't read anybody saying that it was no longer like that
aec_nlms directory is now properly deleted from kiax_0.8.51.dfsg-2.orig.tar.gz
> 2- the iLBC stuff is stil non-free as it used to be that way and it hasn't
> changed its license.
iLBC directory is now properly deleted from kiax_0.8.51.dfsg-2.orig.tar.gz
The rest of kiax/lib/ is really LGPL'ed.
> Other than that, having a program include on its sources at least 4 of our
> already packaged libs and use those sources to compile them statically
> instead of using our tested libs seems a really bad way of packaging
That's true, but kiax is not ready to use these our libs as of yet. We have 3
* keep it as it is with iLBC and aec_nlms removed from upstream tarball. This
is: 2a4d5266f5d312ac3f4ba6cea807f2e0 kiax_0.8.51.dfsg-2.orig.tar.gz
in that case we have Echo Cancellation.
* revert to the version in testing - no Echo Cancellation, but our libs are
* remove kiax from the archive ;-)
> So... after having a package that could go into Debian because it was free,
> we have now come back to the sources that our ftp masters had rejected
> because they were non-free.
> This really seems nonsense to me, I don't know if I have to take this as a
> joke or what, who didn't read the list or didn't at least didn't look at
> the sources that he was packaging, or... I just can't explain this, please
> somebody explain this for me. I had to check twice that what I was looking
> at were the sources coming from
> cc39dab9cb55afbe9722a6f4ad2bb5f0 kiax_0.8.51.dfsg-1.orig.tar.gz
> and not from the old non-free version we used to have, and in fact all
> non-free stuff is in there.
the correct one should have been:
> I hope I'm missing something with all this, otherwise I don't know what we
> are playing at, this seems completely nonsense and a Debian developer
> should be more cautious with what he uploads at least once he knows there
> are problems with licenses on some parts of a software.
Really this was not intended. I hope that now it is really properly corrected.
pub 4096R/0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu>
fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB
More information about the Pkg-voip-maintainers