[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: virtualbox-ose: package hijack?



On 11133 March 1977, Michael Meskes wrote:

Not rating the act of adding/removing maintainers in an upload, just one
thing:

> But he not just added himself, he also changed some packaging stuff and
> upgraded to a new upstream version. This seems to be done in a hurry as
> he missed some licensing issues. We now have several files in the
> archive with the following license:
> ;  Copyright (C) 2006-2007 innotek GmbH

> ;  innotek GmbH confidential
> ;  All rights reserved

> Uh, ouch, shouldn't be there, right? That's why I CC ftpmasters. Work is
> underway to create a valid 1.5.0 package, but there's a reason why we
> first fixed stuff in the 1.4.0 version. Since this may take another day
> or two, I wonder whether out admins would like to react and remover this
> version asap.

> As both me and also Patrick are in contact with upstream, this is a
> pending issue solved in hopefully short time.

NO. There is absolutely no reason to *knowingly* upload a non-free
tarball, even named ".dfsg". People doing that should immediately
resign.

Especially not after that one package here got some 3 or 4 rejects due
to non-free / license problems.

> Upstream is generally cooperative and understands the problems, hence I
> see this a bit more relaxed (for the next few days only, until it's
> sorted out). However, if ftp-master do disagree, I'll can re-upload
> 1.4.0, superseeding the 1.5.0 upload.

"Yay, Upstream understands the problem, lets upload non-free crap to main" does
not work.

Fix it.

-- 
bye Joerg
[2.6.15.4 direkt nach 2.6.15.3]
<HE> Linus muss Gentooler hassen.
<formorer> wieso?
<HE> Naja, die dürften ihre optimierten Kernel gerade fertig gebaut
        haben und müssen jetzt aus prompter Versionitis auf das
        Ausprobieren verzichten und den neuen kompilieren... 

Attachment: pgpy44OMjKytN.pgp
Description: PGP signature


Reply to: