[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Pkg-haskell-commits] darcs: haskell-yaml: Disable patch to use system libyaml.

Thanks for the heads-up. As I'm an amateur at copyright law, where
would be the most logical place to put it? c/LICENSE, LICENSE-libyaml?
Suggestions definitely welcome.

On Wed, Sep 14, 2011 at 11:35 AM, Joachim Breitner <nomeata@debian.org> wrote:
> @Michael: See further below for the part relevant to you.
>
> Hi Clint,
>
> I just saw this patch:
>
> Am Mittwoch, den 14.09.2011, 00:54 +0000 schrieb clint@debian.org:
>> Wed Sep 14 00:54:00 UTC 2011  clint@debian.org
>>   * Disable patch to use system libyaml.
>>   Ignore-this: e082ab323e1444441552aaff99e4e9d7
>>
>>     M ./changelog +6
>>     M ./patches/series -1 +1
>>
>> Wed Sep 14 00:54:00 UTC 2011  clint@debian.org
>>   * Disable patch to use system libyaml.
>>   Ignore-this: e082ab323e1444441552aaff99e4e9d7
>> diff -rN -u old-haskell-yaml//changelog new-haskell-yaml//changelog
>> --- old-haskell-yaml//changelog       2011-09-14 00:54:10.082332489 +0000
>> +++ new-haskell-yaml//changelog       2011-09-14 00:54:10.086335051 +0000
>> @@ -1,3 +1,9 @@
>> +haskell-yaml (0.4.1-2) unstable; urgency=low
>> +
>> +  * Disable patch to use system libyaml.
>> +
>> + -- Clint Adams <clint@debian.org>  Tue, 13 Sep 2011 20:42:31 -0400
>> +
>>  haskell-yaml (0.4.1-1) unstable; urgency=low
>>
>>    * Initial release.
>> diff -rN -u old-haskell-yaml//patches/series new-haskell-yaml//patches/series
>> --- old-haskell-yaml//patches/series  2011-09-14 00:54:10.074333604 +0000
>> +++ new-haskell-yaml//patches/series  2011-09-14 00:54:10.090334506 +0000
>> @@ -1 +1 @@
>> -use-shared-libyaml.diff
>> +#use-shared-libyaml.diff
>
> I’m curious: Why did you have to remove that patch? In Debian, we avoid
> convenience copies when possible, e.g. for security reasons: Judging
> from http://pyyaml.org/log/ version 0.1.4 removed a pointer arithmetic
> overflow, this fix seems to be not included in the included copy. (I did
> not check if it is exploitable or not.)
>
> Additionally, debian/copyright does not mention the copyright and
> license of the embedded libyaml copy. The yaml haskell package does not
> include it. This seems to be actually a copyright violation – hence the
> CC to Michael Snoyman.
>
> Both are BSD-like licensed, so there is no conflict, but the actual
> licenses differ slightly, but in any case the libyaml license and
> copyright needs to be added to debian/copyright.
>
> And finally, if you have to use the embedded copy, you can  remove the
> build-dependency on libyaml-dev.
>
> Greetings,
> Joachim
>
> PS, to be not only complaining: Thanks for your work on packaging yesod.
> I’m looking forward to the results, as I am considering yesod for a
> project that I’m about to start.
>
> --
> Joachim "nomeata" Breitner
> Debian Developer
>  nomeata@debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
>  JID: nomeata@joachim-breitner.de | http://people.debian.org/~nomeata
>
Reply to: