1. Forum
  2. Usenet
  3. LINUX.DEBIAN.LEGAL

  • remote logo inclusion in package documentation

    From Ian Jackson@21:1/5 to Paride Legovini on Tue Dec 3 14:20:02 2019
    Paride Legovini writes ("remote logo inclusion in package documentation"):
    Hello debian-legal,

    The latest upstream version of a package I maintain (libmseed) ships
    with HTML documentation. The HTML documentation fetches a remote logo,
    and this triggered the privacy-breach-logo lintian tag [0].

    The logo is explicitly made available for usage by the institution
    developing the software [1], but I couldn't find its terms of use. The
    IRIS Wikipedia page includes the logo and lists it as CC BY-SA, but I'm
    not certain this information is correct.

    Do you think the HTML documentation fetching the IRIS logo can be
    included in Debian main?

    No. The lintian warning is correct. Downloading logos in docs like
    this is not only a privacy breach, but also a practical problem.
    I have been on a train with no internet, trying to read some docs
    which I had deliberately pre-installed, and found that each page would
    take 30s to load because it had to wait for an attempted logo fetch to
    time out.

    If you can't establish that the logo is OK to include, you should
    replace it.

    In practice if you write an email to upstream they will probably
    explicitly confirm the CC-BY-SA information from Wikimedia. Have you
    tried that ?

    Regards,
    Ian.

    --
    Ian Jackson <ijackson@chiark.greenend.org.uk> These opinions are my own.

    If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
    a private address which bypasses my fierce spamfilter.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Daniel Leidert@21:1/5 to All on Tue Dec 3 21:50:02 2019
    Am Dienstag, den 03.12.2019, 13:13 +0000 schrieb Ian Jackson:
    Paride Legovini writes ("remote logo inclusion in package documentation"):
    Hello debian-legal,

    The latest upstream version of a package I maintain (libmseed) ships
    with HTML documentation. The HTML documentation fetches a remote logo,
    and this triggered the privacy-breach-logo lintian tag [0].

    The logo is explicitly made available for usage by the institution developing the software [1], but I couldn't find its terms of use. The
    IRIS Wikipedia page includes the logo and lists it as CC BY-SA, but I'm
    not certain this information is correct.

    Do you think the HTML documentation fetching the IRIS logo can be
    included in Debian main?

    No.

    IMO this is incorrect. The policy does not enforce anything like this.

    The whole "privacy breach" stuff is only contained in lintian. Also the tests got added to lintian in the first place to prevent running *scripts* from external resources. Here we are talking about an <img> tag (I guess it is about the image reference in footer.html in the libmseed source).

    I was always wondering, why this kind of stuff now warrants a lintian *warning*, especially since I cannot remember that the project every agreed on anything like it.

    Regards, Daniel

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAl3mxr0ACgkQS80FZ8KW 0F0qPw//cdg1c86ASmS9bcoI7dvVbfHtxer+KWsJu3jSNroCI7kAlHPamfIle62T J1hVXh/vNr5j8da+jpfmtf+IXLb9/5aSYIElx2ZD5u7jNvnG1MNJNC6KqOjMRiBx +9IBVTcjq+XlrvOGjt71UKrPNQh0amClVsKUsEZpAVdqeUM4STqY92HMsScduVA8 fmJJzqqBpRibh6s000oGVUixqx07y5SeM2TZxLttES+t9GweA53x620UaMQuQqv2 /cWbcaoYLvKFf7smHEPoPkeHllzM96x+9dQguwTPmKy3CIhY1zKJX8J/RR8lYmLF lk99J9Yh9V5XK2xq/Cv2pCxLP8Y4etWtAw8OcAl64+9znzl4bIuLjcYOwWT4F+V9 +AgiJ0IJnLIO1uNWdnOnLO1QT+N10pVJQGPGjOkUQ9wp+OIBSfMoZHAIthVPK2A7 UTgc+nHyamocSl1GR2e58U90cCZE4YA/h0XCNlfRACSwqZXGTRcrGQXNnEvEceBf 2tDzJzQJvB0wi5dphULMQZJK9S5IvipxUY2eH8pATIJlxS5w4YPfXir6naTt+gEo ItBZ9d9Ic0xrFkdkox02s5g4uuBeRAUw6cadzVhgqNtcE4XQ/zg2kSvg/AjR73X6 hbZfhiAvsJjmWVolMW4KsYoktVbyf8PBcNDhaG2ybIHWtlNkK3I=
    =zMYy
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)