Hello !
I think you should delete the package/PKGBUILD. Seeing what you wrote, he doesn't want his software to be redistributed and doing so is thus an enforcement. Moreover it is against one of the fundamental 4 liberties of free software.
You could maybe provide a PKGBUILD which would more or less be an installation script and that will just assume the program tarballs are in the current directory but not download them. This sort of PKGBUILD are probably better in the forum inside the "Package requests" section than in the AUR because it is not useable as-is (it is my humble opinion!).
Then, what's going on sourceforge's website is their business and the ArchLinux community should not be engaged in it. However, if _you_ feel concerned (I do too), you can warn sourceforge, but on your own.
That was my opinion !! :)
Have a nice evening.
Cilyan
2008/7/15 bardo <
ilbardo@gmail.com>:
Hi fellow TUs, devs and archers!
I'm writing this long e-mail to discuss the current situation about
sancho-gtk, a [community] package I'm maintaining.
I inherited sancho-gtk, a front-end for mldonkey, when mOLOk resigned
from his TU position, and some time ago I checked if everything was ok
with it. In the PKGBUILD I found an ugly hack to download the
software, which is hosted on Sourceforge but isn't available at the
traditional download location. It is rather distributed through a
direct link in its homepage (http://sancho-gui.sourceforge.net/), but
that link changes every few minutes: because of this came the ugly
hack. The whole thing, I discovered, was done on purpose by its
author, whom I contacted for explainations.
He pointed out that the download page page states "no
redist/pkging/mirrors pls". I don't like forwarding private e-mails,
so here's a summary of what I found out and some of my assumptions.
* The author doesn't like his software to be repackaged because he
doesn't want users complaining upstream for distribution-level bugs.
* He doesn't really care if his user base drops to near-zero because
his software isn't easily available and integrated in linux
distributions.
* I wasn't able to find the application's source code (the GTK
version, at least) on his site, so I assume it is a closed source app.
When the author was asked to clarify his position, include a license
and, in case of a free one, the corresponding source code, he didn't
answer.
* The author thinks software inclusion in a linux distro is "opt-in"
(his words), and states he never asked for it. When I pointed out that
free software has nothing to do with opt-in, he stopped answering my
e-mails.
* The author never clearly stated (even though I asked) if we are
infringing any license by redistributing the software.
* An important phrase I think i just have to report is "I don't think
a license has ever written any software", referring to his preference
of distributing his software only through the homepage.
I want to drop this software from our repos. Not because he asked for
it, but because it looks like this person doesn't really understand
what free software and a community are, and that we are persons, too,
with our rights. He's not the kind of person I want to deal with. I
also think he is in violation of Sourceforge terms, since he's
maintaining what looks like proprietary software on their servers.
What do you think about the whole thing?
I already decided to drop both sancho-gtk and mldonkey (its
development seems to be stalled), but there are more questions. Should
I notify him to Sourceforge in case he is infringing? Should I drop
the package to [unsupported]? Should I delete it? Should I hand it to
another maintainer?
I wouldn't want to see another ion3, but I don't think it's very
different. Should we try to define special policies for cases like
these?
Corrado