Control: retitle -1 RFP: golang-github-pierrec-lz4.v4 -- LZ4 compression and decompression in pure Go (v4) Control: noowner -1 TLDR: this missing package is blocking updates for syncthing as well as golang-github-gocql-gocql. It will be more challenging to maintain syncthing (backported fixes for CVEs) in bookworm if we get stuck with 1.19.2, from 05 April 2022 rather than 1.22.x or 1.23.x. Hi Eric, Aloïs, Alexandre, and Go Team, There is no longer a package waiting for review in NEW. I missed a few Gutenberg headers in my review; however, strictly speaking, this might be what FTP Masters are objecting to (without saying so), because there is less precedent for implicit Gutenberg license to 3-clause-BSD has than public domain to 3-clause-BSD. Upstream would need to exercise his public domain right to remove the Gutenberg headers, and some FTP Masters appear to also be angling for an explicit upstream public_domain to 3-clause-BSD record, even though this isn't required. Yet there is precedent in the GCC package (and golang package) for how this isn't a real problem...In these two places, the copyright information appears to have been strategically omitted from the copyright file. This is 100% valid in places that recognise public domain works (eg: works that have no copyright, not even moral rights), but I fail to see how it's acceptable for world-wide scope for some packages but not others. It's fastest to just remove all the tests. If the newest src:syncthing 1.19.2 tests for correct operation of lz4.v4 compression on buildds and DebCI than this may not be as horrifying at it seems. It may also be sufficient to remove the fuzz and testdata from the single binary package, but I feel like that depends on which FTP Master reviews the package. We're running out of time to fix this for bookworm, so I leave this to someone else. Here's the remote: git@salsa.debian.org:go-team/packages/golang-github-pierrec-lz4.v4.git Regards, Nicholas
Attachment:
signature.asc
Description: PGP signature