Hello ! I think you should delete the package/PKGBUILD. Seeing what you wrote, he doesn't want his software to be redistributed and doing so is thus an enforcement. Moreover it is against one of the fundamental 4 liberties of free software. You could maybe provide a PKGBUILD which would more or less be an installation script and that will just assume the program tarballs are in the current directory but not download them. This sort of PKGBUILD are probably better in the forum inside the "Package requests" section than in the AUR because it is not useable as-is (it is my humble opinion!). Then, what's going on sourceforge's website is their business and the ArchLinux community should not be engaged in it. However, if _you_ feel concerned (I do too), you can warn sourceforge, but on your own. That was my opinion !! :) Have a nice evening. Cilyan 2008/7/15 bardo <ilbardo@gmail.com>:
Hi fellow TUs, devs and archers! I'm writing this long e-mail to discuss the current situation about sancho-gtk, a [community] package I'm maintaining.
I inherited sancho-gtk, a front-end for mldonkey, when mOLOk resigned from his TU position, and some time ago I checked if everything was ok with it. In the PKGBUILD I found an ugly hack to download the software, which is hosted on Sourceforge but isn't available at the traditional download location. It is rather distributed through a direct link in its homepage (http://sancho-gui.sourceforge.net/), but that link changes every few minutes: because of this came the ugly hack. The whole thing, I discovered, was done on purpose by its author, whom I contacted for explainations.
He pointed out that the download page page states "no redist/pkging/mirrors pls". I don't like forwarding private e-mails, so here's a summary of what I found out and some of my assumptions. * The author doesn't like his software to be repackaged because he doesn't want users complaining upstream for distribution-level bugs. * He doesn't really care if his user base drops to near-zero because his software isn't easily available and integrated in linux distributions. * I wasn't able to find the application's source code (the GTK version, at least) on his site, so I assume it is a closed source app. When the author was asked to clarify his position, include a license and, in case of a free one, the corresponding source code, he didn't answer. * The author thinks software inclusion in a linux distro is "opt-in" (his words), and states he never asked for it. When I pointed out that free software has nothing to do with opt-in, he stopped answering my e-mails. * The author never clearly stated (even though I asked) if we are infringing any license by redistributing the software. * An important phrase I think i just have to report is "I don't think a license has ever written any software", referring to his preference of distributing his software only through the homepage.
I want to drop this software from our repos. Not because he asked for it, but because it looks like this person doesn't really understand what free software and a community are, and that we are persons, too, with our rights. He's not the kind of person I want to deal with. I also think he is in violation of Sourceforge terms, since he's maintaining what looks like proprietary software on their servers.
What do you think about the whole thing? I already decided to drop both sancho-gtk and mldonkey (its development seems to be stalled), but there are more questions. Should I notify him to Sourceforge in case he is infringing? Should I drop the package to [unsupported]? Should I delete it? Should I hand it to another maintainer? I wouldn't want to see another ion3, but I don't think it's very different. Should we try to define special policies for cases like these?
Corrado