Simon Josefsson wrote: > Some raised a concern with false positives in my reports -- and also > tagged all the bugs with etch-ignore. I went through all bug reports > manually yesterday (see earlier mail), but I also realized that it > would be possible to do this automatically, to provide further > assurance that the bugs indicate real and confirmed problems. Note that it was not the only reason to tag them etch-ignore... > I've updated my script to do this, view it last on the page: > http://wiki.debian.org/NonFreeIETFDocuments > > The script will run md5sum on the RFC/I-D in source packages, and > compare them against a known-real repository (rsync'ed against > ftp.rfc-editor.org). > > The output of the script is very long, so I won't include it here. An > URL to it is: > http://josefsson.org/bcp78broken/debian-ietf-documents-diff.txt > > To parse the output yourself, look for lines beginning with 'pkg'. > Those denote the start of a new package with potential problems. > After that there will be lines such as 'tar xfz...' and two MD5 sums. > If the MD5 sums match, it will print MATCH. If the MD5 sums mismatch, > it will print MISMATCH. If it can't find a known-good file to compare > with, it prints FETCH-FAIL. > > Some statistics: > 74 packages > 401 MATCH, i.e., the RFC in the source package is an authentic RFC > 79 MISMATCH, i.e., the RFC differ from the authentic RFC > 6 FETCH-FAIL Note that not all authentic RFC documents have the same license, some of them are probably even DFSG compliant... So there can be more than 79 false positives... Cheers Luk -- Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D Fingerprint: D5AF 25FB 316B 53BB 08E7 F999 E544 DE07 9B7C 328D
Attachment:
signature.asc
Description: OpenPGP digital signature