Bug#375894: kiax DFSGness not taken seriously

George Danchev danchev at spnet.net
Wed Jun 28 20:30:17 UTC 2006 

On Wednesday 28 June 2006 21:25, Santiago Garcia Mantinan wrote:
> Package: kiax
> Version: 0.8.51.dfsg-1-1
> Severity: serious
>
> Hi!

Hello,

> We had a package that we knew was dfsg compliant, I had removed the lib
> stuff which had several license problems because of that and then renamed
> it to dfsg as we had agreed that it was dfsg compliant, now...
>
> I found of a bad taste that a new "dfsg" package was uploaded, as I had
> objected to the DFSGness of this new package, today I have looked at it
> more carefully and I found out what had been said before, please somebody
> correct me if I'm wrong, but...

Unfortunaly there was a bug in the sed'ish code which was not ready to cope 
with dfsg-[0-9]-[0-9]. I've just fixed that in svn. That last 0.8.51.dfsg-1-1 
changelog entry caused that repackaing faulire and failed tarball 
sanitization because we did realized (hi Mark ;-) we need a new dfsg tarball 
version (-1-1) after the upload has been rejected by debian installer because 
of the md5sum mismatch:

http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/2006-June/005126.html

That was not intended, that was a programming mistake.

> 1- the echo cancellation stuff doesn't have a license we can use to say
> it's free, this has been discussed before (see Emil Stoyanov [1] message to
> the list) and I didn't read anybody saying that it was no longer like that

aec_nlms directory is now properly deleted from kiax_0.8.51.dfsg-2.orig.tar.gz


> 2- the iLBC stuff is stil non-free as it used to be that way and it hasn't
> changed its license.

iLBC directory is now properly deleted from kiax_0.8.51.dfsg-2.orig.tar.gz

The rest of kiax/lib/ is really LGPL'ed.

> Other than that, having a program include on its sources at least 4 of our
> already packaged libs and use those sources to compile them statically
> instead of using our tested libs seems a really bad way of packaging
> something.

That's true, but kiax is not ready to use these our libs as of yet. We have 3 
choices: 

* keep it as it is with iLBC and aec_nlms removed from upstream tarball. This 
is: 2a4d5266f5d312ac3f4ba6cea807f2e0  kiax_0.8.51.dfsg-2.orig.tar.gz
in that case we have Echo Cancellation.
* revert to the version in testing - no Echo Cancellation, but our libs are 
used.
* remove kiax from the archive ;-)

> So... after having a package that could go into Debian because it was free,
> we have now come back to the sources that our ftp masters had rejected
> because they were non-free.
>
> This really seems nonsense to me, I don't know if I have to take this as a
> joke or what, who didn't read the list or didn't at least didn't look at
> the sources that he was packaging, or... I just can't explain this, please
> somebody explain this for me. I had to check twice that what I was looking
> at were the sources coming from
> cc39dab9cb55afbe9722a6f4ad2bb5f0  kiax_0.8.51.dfsg-1.orig.tar.gz
> and not from the old non-free version we used to have, and in fact all
> non-free stuff is in there.

the correct one should have been:
2a4d5266f5d312ac3f4ba6cea807f2e0  kiax_0.8.51.dfsg-2.orig.tar.gz

> I hope I'm missing something with all this, otherwise I don't know what we
> are playing at, this seems completely nonsense and a Debian developer
> should be more cautious with what he uploads at least once he knows there
> are problems with licenses on some parts of a software.

Really this was not intended. I hope that now it is really properly corrected.

-- 
pub 4096R/0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu>
fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB

More information about the Pkg-voip-maintainers mailing list