[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers-public] Project evaluation sample and info
From: |
Ineiev |
Subject: |
Re: [Savannah-hackers-public] Project evaluation sample and info |
Date: |
Sun, 22 Jul 2018 10:46:28 -0400 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Hello, Robert;
On Sat, Jul 21, 2018 at 11:24:37PM -0400, Robert Musial wrote:
>
> For my sample evaluation I picked task #14302: Submission of ipblock
>
> If I were responding to it I'd say...
Most important, it was submitted as GNU software; such packages
follow a different procedure, per
https://www.gnu.org/help/evaluation.html
On Savannah, we basically evaluate non-GNU submissions.
> 0. That it lacks any information on dependencies. I see they are
> bash scripts. Do they have any requirement of a certain version of
> bash? Does it require anything else? Iptables presumably, what
> version?
Bash version doesn't matter. the point of listing dependencies is
making sure that it runs on top of free system and that it's
GPL-compatible.
> 1. It lacks a clear manual or info on how to use it. The README is
> only a few lines. It doesn't explain how it works or what exactly it
> is doing. It says it doesn't work well with Network Manager or DHCP.
> What does it mean to not work well? Will it break my network config?
> And again, that goes back to dependencies.
We don't look into such technical things. the package may be
on an early stage and may not work at all. it may run on custom boards
no Savannah admin has access to.
> 2. The copyright on the scripts are muddled. It shows these scripts
> are copyright by 2 parties, nixcraft and the submitter. What did
> nixcraft contribute? What did the submitter contribute? Is there a
> changelog, diff, or patch anywhere? How much of these scripts are
> changed from upstream?
And the license notices don't follow the guidelines from
https://www.gnu.org/l/gpl-howto.html (or the GPL itself).
countries_code.txt has no notices at all.
> 3. Further copyright AND dependencies questions: For the scripts to
> work, the scripts download network information from
> http://www.ipdeny.com/ipblocks/data/aggregated/
> But in that directory there is a Copyrights.txt file that reads, in part...
> "YOU MAY NOW RE-DISTRIBUTE OUR IP ZONE FILES. BUT YOU SHOULD KEEP
> THIS COPYRIGHT.TXT FILE INTACT AND DISTRIBUTE IT WITH OUR
> ZONE FILES OR FILE ARCHIVES. WE ALSO WELCOME ANY LINKS BACK TO OUR
> SITE WWW.IPDENY.COM
>
> YOU CANNOT USE IPDENY.COM COUNTRY IP DATA FOR SPAMMING,
> OTHER BULK ADVERTISING AND ILLEGAL ACTIVITIES.
>
> IF YOU OFFER WEB BASED IP TO COUNTRY SERVICE USING OUR IP COUNTRY
> BLOCK FILES A LINK BACK TO IPDENY.COM IS REQUIRED."
>
> While that allows redistribution, it does require the copyright.txt
> file be along with it. Does that mean even if you download them
> individually, you must also grab that copyright? Do the scripts need
> to contain that copyright?
>
> Also it doesn't mention anything about being able to modify those
> zone files, and/or redistribute modified versions, which could make
> it incompatible with the GPLv2+ it is licensed under.
This is a major issue. I'd said it's a proprietary dependency.
> Finally, 4. Using the guidelines "We discourage submitting
> simplistic text-only projects"
I'm not sure it's really simplistic. I've seen submissions of
much more simple packages.
signature.asc
Description: Digital signature