Hello

python-django-registration has been removed from testing, and since it's
an useful package I'd like to bring it back into it.

There is a new upstream release, and there was already some work done in
git to package it, but it was failing because upstream has added a new dependency on https://pypi.org/project/confusable_homoglyphs/

The problem with the latter is that it includes two files from the
unicode consortium:
http://www.unicode.org/Public/UNIDATA/Scripts.txt http://www.unicode.org/Public/security/latest/confusables.txt
which, if my understanding of https://www.unicode.org/copyright.html is
correct aren't DFSG, but could be redistributed.

I have two questions on how to proceed.

1) I've pushed to git a patch to make confusable_homoglyphs optional:
it seems to be working, but it's still missing proper warning of the
user that that specific protection is disabled. I would add both a
runtime warning and a .NEWS.

Do you think it is ok to upload the package like this?

2) Even if the answer to 1 is yes, I can also try to package confusable_homoglyphs: upstream can download the files from the unicode consortium if they aren't available: do you think it's better to use
that ability and package the file in contrib, or just put everything in non-free?

Personally, the latter sounds quite easier, and I would be strongly
tempted by it.
--
Elena ``of Valhalla''

🧛

-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEY8n6rGg5PpTPkl4ZcL0i0xEjtDEFAmMxbjkACgkQcL0i0xEj tDE6cAgAh+0qSTwWRoZd62A9ZFcZXrUxVYfgZ6Ipw4fMlek1TGRQan7DFKonVJEk LB2Hu8t9PKjSve4IyG/ufre102GkCsq8pK0p+AKiTwrxTqmRkdLpTp59BThxRGKq 2HE1cnIjiPrlp/lxPcT0WiWJe/+XRwIalc9dUnSOEcnuisndneRawkV41aNocDVJ meQm9ot4ftL+lc4ZW3gpxr/ApZVG9oRqciyCV8x8P1wtSIGydOHQPvElH6vowWay U63JbT/LKTOVZrRn0/XvFGavNmFWiPW3kuDWtNttnpTozVm8l969dOHJZeEbCYme LfQfarAJeBtPRUwnBbk2eRPJ13Sf1w==
=iRVT
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 26 Sept 2022 at 19:18, Elena ``of Valhalla'' Grandi < valhalla@debian.org> wrote:

http://www.unicode.org/Public/UNIDATA/Scripts.txt http://www.unicode.org/Public/security/latest/confusables.txt
which, if my understanding of https://www.unicode.org/copyright.html is correct aren't DFSG, but could be redistributed.

Given they sit under Public aren't they DATA FILES and subject to https://www.unicode.org/license.txt
That license seems very BSD 3-Clause-ish.

I suppose it comes down to what "Further specification" means. Does it mean license.txt overrules copyright.html?

You could ask debian-legal for guidance.

Do you think it is ok to upload the package like this?

It's not ideal but if the result is you cannot use those confusables then
its the only way forward.

2) Even if the answer to 1 is yes, I can also try to package confusable_homoglyphs: upstream can download the files from the unicode consortium if they aren't available: do you think it's better to use
that ability and package the file in contrib, or just put everything in non-free?

Personally, the latter sounds quite easier, and I would be strongly
tempted by it.

I have a similar problem with SNMP MIBs (thanks IETF). They're not even redistributable so I have a contrib mibs-downloader package.
If the system can do it itself, that's ok but it needs to be something that
the user knows is happening. I have had issues with WordPress before where
it has links in some of the themes.

So in summary:
* See if license.txt is the actual license and its DFSG free (I think it
could be)
* If not, I'd package the files in a separate archive

- Craig

--

Elena ``of Valhalla''

🧛

<div dir="ltr"><div dir="ltr">On Mon, 26 Sept 2022 at 19:18, Elena ``of Valhalla&#39;&#39; Grandi &lt;<a href="mailto:valhalla@debian.org">valhalla@debian.org</a>&gt; wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:
0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><a href="http://www.unicode.org/Public/UNIDATA/Scripts.txt" rel="noreferrer" target="_blank">http://www.unicode.org/Public/UNIDATA/Scripts.txt</a><br>
<a href="http://www.unicode.org/Public/security/latest/confusables.txt" rel="noreferrer" target="_blank">http://www.unicode.org/Public/security/latest/confusables.txt</a><br>
which, if my understanding of <a href="https://www.unicode.org/copyright.html" rel="noreferrer" target="_blank">https://www.unicode.org/copyright.html</a> is<br>
correct aren&#39;t DFSG, but could be redistributed.<br></blockquote><div>Given they sit under Public aren&#39;t they DATA FILES and subject to <a href="ht

On 2022-09-27 at 08:17:39 +1000, Craig Small wrote:

Given they sit under Public aren't they DATA FILES and subject to https://www.unicode.org/license.txt
That license seems very BSD 3-Clause-ish.
[...]

thanks, I was using my pessimist parser :) and didn't notice the good
news.

confusable-homoglyphs is now in NEW.

--
Elena ``of Valhalla''

🧛

-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEY8n6rGg5PpTPkl4ZcL0i0xEjtDEFAmM2q8oACgkQcL0i0xEj tDE1Ywf/Zpr3GELSq/wW289wAyms3TkAw8j0JYJ6YcfB8MsdxQFBWVvh6S2uJvk0 hop5RDy6Lo3BqfK9gwNE6hmcFPfRLe+47Ag9nTByK1wwiEqfg/vGPsXG1cMscmt4 OF3uuphf8f8fAAd9ZrlEgPuZ40rKEQQfTKG21iC6Gx+InGlk+KotFDYMXosS+b0P nNjcunVehPn4weNQ6R02H4Ri46+v7KWeQDbGkH/z5V8RTesljsYc5wRL33YsVaMc bI+eB/IU9/BaOyqtHTBBJ8Ayf7Uvs3XGEi15UsUEeqjvsM0cUwSpuzbiFxHJC4ke 4wDNjVyBN79BWd0/7dRXwbIYMA1Rjg==
=8xy3
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)