Marcus Better wrote:
> Daniel Baumann wrote:
>> It is RC if the debian/copyright is incorrect or incomplete.
>
> Well, I think it is extremely rare that debian/copyright contains the
> name and dates of every single contributor, although that is the
> recommended practice. This includes some very central Debian packages.
> We should work on this issue though.
I'm afraid, but you mix two things: Authors and contributors.
Contributors do only take credit, authors do claim copyright on
particular components.
e.g. GCC lists officially more than 300 core contributors, where as the
copyright holder is solely the FSF.
The debian/copyright file have to list *all* copyright holders
(exception: FSF copyright on autoconf stuff is ignored in
debian/copyright). This is a must, forced by policy and a RC bug if the
information is incomplete or incorrect. If you ever find a incomplete
debian/copyright file, issue a bug with severity serious. I don't claim
that all debian/copyright files of all 15'000 source packages are
perfectly correct, but most are indeed correct.
> Combing through all the code will take much longer, and I won't be able
> to do it on my own. If you insist that this be done before any new
> upload, then I suggest removing the package from the archive in the
> meantime. Note that no other suspicious code has been reported so far,
> and mose claims that upstream made an effort to get licenses right.
It does not have to removed from the archive if you are constantly
working on getting the situaton solved. However, the package shall not
enter testing while this time.
> What is this tag for? Where do I add it, to the Debian release number?
> Where can I read up on this?
For the sake of completeness, there is some sort of basic rule, going
like this:
You never do repack the upstream-tarball, except for three reasons:
1. If the upstream tarball is not available as tar.gz but in another
format (e.g. tar.bz2), then you just repackage it in the right format,
without changing the directory name or anything else inside the directory.
2. If upstream tarball has a debian/ directory inside, you can remove
the directory and package the tarball again by adding +debian to the
version. E.g. foo_1.2.3.orig.tar.gz becomes foo_1.2.3+debian.orig.tar.gz
3. If upstream tarball contains non-free components and you want to
include the package in main, and/or, if the upstream tarball contains
non-distributable componentes, you remove them and package the tarball
again by adding +dfsg to the version. E.g. foo_1.2.3.orig.tar.gz becomes
foo_1.2.3+dfsg.orig.tar.gz.
If you, like here, expect to have more than one revision of the same
orig.tar.gz because you are subsequently removing stuff but in absence
of a new upstream release, then you add instead of +dsfg the tag
+dfsg$int to the version. E.g. the first changed tarball would be
foo_1.2.3+dfsg1.orig.tar.gz, the second foo_1.2.3+dfsg2.orig.tar.gz etc..
Please do the following now:
* Rebuild the orig.tar.gz according to the rules above.
* Document every removal in the upstream tarball in README.Debian (or
README.Debian.upstream or README.Debian.sources if you have already
a README.Debian).
* Note the rebuild of the tarball in the changelog, but do not close
the bug.
* Upload it to mentors, tell me about it so I can upload it.
* Retitle the bug to some more generic title about missing license
information, and remove the pending tag.
Regards,
Daniel
--
Address: Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email: [EMAIL PROTECTED]
Internet: http://people.panthera-systems.net/~daniel-baumann/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
