Re: How to handle unused third party libraries in upstream tarball
On Mon, May 25, 2015 at 10:07 PM, Cesare Falco wrote:
> 2015-05-25 10:54 GMT+02:00 Paul Wise:
>> Do you mean that one part would be DFSG-free but the other part would not?
>
> yes, but I can't remember where I read this. :-(
Sigh, one should never celebrate too soon when things are alleged to
being freed.
I hope that the non-free parts and the free parts don't have
incompatible licenses, that would be worse than the current situation.
> The only public statement available is about licensing status of so-far
> contributed code:
> https://github.com/mamedev/mame
Thanks for the info, what they have written there makes it sound like
mame will be fully DSFG-free and licensed using multiple compatible
licenses, both permissive and copyleft..
> But what about the stuff which is _not_ distributed with the binaries once
> they
> are built? For example there's GENie, a set of lua script written to aid
> generation of makefiles specific to the environment. Or the lua engine
> itself
> for the matter, which I'm still figuring out whether is used at runtime.
If those originated elsewhere, they should be packaged separately too.
GENie definitely is and the lua engine definitely is. GENie is itself
a fork of another project (premake4, already in Debian), the security
team also tracks forks so please do let them know about that when
packaging it.
https://github.com/bkaradzic/genie/
https://anonscm.debian.org/viewvc/secure-testing/data/embedded-code-copies?view=co
https://lists.debian.org/debian-security-tracker/
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: