Hi Afif,
Yes, I need help. I've done some more reading and the situation is that:
- upstream uses an apparently modified version of the random number
generator mt19937ar [1]
- The developers of mt19937ar have a whole suite of implementations
[2-3], and only some of them appear to be in Debian.
- mt19937ar is apparently not one of those versions that are in
debian, but given that it is modified anyway, I'm not sure what
should be done.
Should I just leave the included copy in there?
This is the kind of questions that could be thrown at the
debian-mentors@lists.debian.org list. On the other hand for the moment
we might go with the changed code copy. Please document your research
results (= the text above) in a file debian/README.source. This will
save other people some work once somebody might consider doing the
removal of the code.
For kazlib, I have a slight concern. The version in Debian is newer
than what was bundled in the source (not by much: it looks like 1.21
vs 1.20), but I have seen while grepping the kmer source comments
like "My hacked kazlib returns pointers". Should I rely on the
package's tests to pick up and potential problems resulting from
this?
From my point of view the tests are designed to reproduce expected
results. A software should not break if a depencency is upgraded. The
later is a totally normal thing and happens all the time. So if you do
not have any strong reasons to assume that the newer versions might
create any trouble I think this is OK.