Bug#517130: linux-modules-extra-2.6: Potential GPL violations
Package: linux-modules-extra-2.6
Version: 2.6.26-6
Severity: serious
Dear all,
Shortly before the lenny release, it was noted that the
binary packages produced by linux-modules-extra-2.6 contain absolutely
no relation to the source with which they were built. It is therefore
possible, and indeed likely, that the archive may end up containing
binaries for which the source has expired.
This was dealt with (quietly) for lenny by the ftpteam auditing the
build logs and binaries to check that the sources were all present, and
inserting the source entries into the special lenny-r0 suite to ensure
that they will be retained even if their source packages are revised in
a stable point release.
The ftpteam considers this a RC bug for squeeze and an improved manner
of handling the source dependencies for these modules must be found. At
FOSDEM, preliminary discussions were held regarding adding a method by
which binary packages could declare that they were built using a
particular version of another source or binary package so that the
archive can track this and ensure that the relevant source is kept
around. This will of course require some dpkg-dev and dak changes and
consensus that the idea is a sane one before it can be implemented. A
proposal will be sent to debian-devel@ soon. Whichever solution is
arrived at needs to deal with the problem at all points in the release
cycle, not just at stable or point releases.
Thanks,
Mark
(on behalf of the ftpteam)
Reply to: