Your message dated Sat, 27 Aug 2022 19:04:14 +0000
with message-id <e1os16m-00azag...@fasolo.debian.org>
and subject line Bug#1017083: fixed in bibledit 5.0.986-1
has caused the Debian Bug report #1017083,
regarding bibledit: Some sources are not included in your package
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1017083: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017083
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bibledit
Version: 5.0.983-1
Severity: serious
Tags: upstream ftbfs security
Justification: DFSG #2
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>,
debian...@lists.debian.org
Dear Maintainer,
Your package includes some files that seem to lack sources
in preferred forms of modification:
# Several minified JavaScript objects are included. Upstream did this
intentionally. There are several minifiers, like YUI, Uglify.JS, and others.
Each of them employs its own algorithms to make the source smaller. Upstream
included the minified versions provided by the developers. This way they are
more sure to have well-tested and reliable minified objects.
[jquery/jquery-3.5.1.min.js]
[jquery/jquery.touchSwipe.min.js]
[nicedit/nicedit.min.js]
[notifit/notifit.min.js]
[quill/1.1.5/quill.core.js]
[quill/1.1.5/quill.js]
[quill/1.1.5/quill.min.js]
[quill/1.3.6/quill.core.js]
[quill/1.3.6/quill.js]
[quill/1.3.6/quill.min.js]
[quill/quill.core.js]
[quill/quill.js]
[quill/quill.min.js]
[rangy13/rangy-classapplier.min.js]
[rangy13/rangy-core.min.js]
[rangy13/rangy-highlighter.min.js]
[rangy13/rangy-selectionsaverestore.min.js]
[rangy13/rangy-serializer.min.js]
[rangy13/rangy-textrange.min.js]
{list of files}
According to Debian Free Software Guidelines [1] (DFSG) #2:
"The program must include source code, and must allow distribution
in source code as well as compiled form."
In some cases this could also constitute a license violation for some
copyleft licenses such as the GNU GPL. (While sometimes the licence
allows not to ship the source, the DFSG always mandates source code.)
Moreover, minified JavaScript not recompiled from source is a security bug
(outdated library and trust in the upstream minifier).
In order to solve this problem, you could:
1. add the source files to "debian/missing-sources" directory.
2. repack the origin tarball and add the missing source files to it.
Both ways satisfy the requirement to ship all source code. The second option
might be preferable due to the following reasons [2]:
- Upstream can do it too and you could even supply a patch to them, thus
fulfilling our social contract [3], see particularly §2.
- If source and non-source are in different locations, ftpmasters may
miss the source and (needlessly) reject the package.
- The source isn't duplicated in every .diff.gz/.debian.tar.* (though
this only really matters for larger sources).
You could also ask debian...@lists.debian.org or #debian-qa for more
guidance.
[1] https://www.debian.org/social_contract.en.html#guidelines
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736873#8
[3] https://www.debian.org/social_contract
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.18.0-2-rt-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
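A check a maintainer could run over an unpacked source tree to find the kind of files this report lists, as an added example that is not part of the original messages or of Debian's own tooling: it flags `.js` files that look minified and have no readable counterpart beside them or under `debian/missing-sources`. The 1000-byte line threshold, the mirrored path layout under `debian/missing-sources` and the sample tree built in `demo()` are assumptions made for the example.

```python
import os
import tempfile

LONG_LINE = 1000  # assumption: a line longer than this marks a file as minified

def looks_minified(path):
    """True for *.min.js names or any file containing a very long line."""
    if path.endswith(".min.js"):
        return True
    with open(path, "rb") as fh:
        return any(len(line) > LONG_LINE for line in fh)

def has_source(tree, rel):
    """Look for a readable form under debian/missing-sources or as a sibling."""
    stem = rel[:-len(".min.js")] + ".js" if rel.endswith(".min.js") else rel
    candidates = [os.path.join(tree, "debian", "missing-sources", stem)]
    if stem != rel:
        candidates.append(os.path.join(tree, stem))  # foo.js beside foo.min.js
    return any(os.path.isfile(c) and not looks_minified(c) for c in candidates)

def find_missing_sources(tree):
    """Return relative paths of minified .js files with no readable source."""
    flagged = []
    for root, dirs, files in os.walk(tree):
        if os.path.relpath(root, tree) == "debian":
            dirs[:] = [d for d in dirs if d != "missing-sources"]  # not payload
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, tree)
            if name.endswith(".js") and looks_minified(path) and not has_source(tree, rel):
                flagged.append(rel)
    return sorted(flagged)

def demo():
    """Scan a constructed tree: two uncovered files, two covered ones."""
    blob, readable = "var a=1;" * 400, "var a = 1;\n" * 5  # constructed content
    with tempfile.TemporaryDirectory() as tree:
        for rel, data in [
            ("jquery/jquery.min.js", blob),        # no source anywhere
            ("quill/quill.js", blob),              # minified despite its name
            ("rangy/rangy-core.min.js", blob),
            ("debian/missing-sources/rangy/rangy-core.js", readable),
            ("nicedit/nicedit.min.js", blob),
            ("nicedit/nicedit.js", readable),      # readable sibling
        ]:
            path = os.path.join(tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(data)
        return find_missing_sources(tree)

if __name__ == "__main__":
    print(demo())
```

A file is only counted as covered when the candidate source is itself readable, so copying the minified file into `debian/missing-sources` does not clear the finding.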
--- Begin Message ---
Source: bibledit
Source-Version: 5.0.986-1
Done: Teus Benschop <teusbensc...@debian.org>
We believe that the bug you reported is fixed in the latest version of
bibledit, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1017...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Teus Benschop <teusbensc...@debian.org> (supplier of updated bibledit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Sat, 27 Aug 2022 20:30:48 +0200
Source: bibledit
Architecture: source
Version: 5.0.986-1
Distribution: unstable
Urgency: medium
Maintainer: CrossWire Packaging Team
<pkg-crosswire-de...@alioth-lists.debian.net>
Changed-By: Teus Benschop <teusbensc...@debian.org>
Closes: 1017083
Changes:
bibledit (5.0.986-1) unstable; urgency=medium
.
[ Bastian Germann ]
* Record new upstream source URL
.
[ Teus Benschop ]
* New upstream version 5.0.986, closes: #1017083
--- End Message ---