On Fri, Apr 27, 2012 at 11:33 AM, Amadeusz Å»oÅ‚nowski <firstname.lastname@example.org> wrote: >
> And this is probably the case when user has to accept a license on the
> website. Â This is URL for zip archive of yEd-3.9.1:
> Â http://www.yworks.com/en/products_download.php?file=yEd-3.9.1.zip
> It directs to website with license text, check-box for accept and
> download button. Â If check-box is not set, following message is shown:
> Â "In order to download yEd, it is necessary that you first accept the
> Â license terms."
> If check-box is set, client is redirected to the page with actual link to
> zip archive.
It turns out the vendor is lying - you can download it fine without
accepting the license from: http://www.yworks.com/products/yed/demo/yEd-3.9.1.zip
No doubt the vendor WANTS users to accept the license first, but it is
not "necessary" from a technical standpoint. >
> Moreover, I have had email conversation with yWorks representative and
> he says that installation files need to be obtained manually by the end
> users from their website.
Again, they likely intend for them to be obtained in this manner, but
the word "need" is not true from a technical perspective.
This brings up a debate that was recently held over deep-linking in
bugzilla over a math library. The trustees never took a final vote
since the maintainer decided to just implement RESTRICT=fetch. The
issue there was about more than just copyright, however, and the trade
regulations around munitions do not apply in this case.
I don't think we have clear policy around this situation. I see our options as:
1. Set RESTRICT=fetch because upstream wants us to and we like to cooperate.
2. Set RESTRICT=fetch because even if legally they're on shaky ground
upstream could probably waste a lot of our time and money.
3. Set RESTRICT=mirror because legally we think we have the right to
do so, and want to stand for our principles and make life easier for
The potential upstream responses to doing #3 might be to do nothing,
to not like us, to sue us, or to not use a fixed URL to distribute the
file so that we have to restrict fetching for technical reasons.
Do we as a matter of policy want to respect broken click-through