Hi Nilesh, Sorry for the delay, I begun composing that message yesterday, but I… fell asleep while looking up the legalese… :S Nilesh Patra, on 2021-07-21: > It came to my notice that sambamba does not list copyright holders, > and copyrgiht holders of several files are missing. First and foremost, Thank you for double checking copyright information in existing packages! > I wonder if this is a RC bug, since I've seen a few of these earlier, > for example #823865 In the case of #823865, the status of several sections of the source code seemed problematic with regards to legal compatibility with other components of the package, so the situation seemed rather critical indeed. In the case of sambamba, the missing items were licensed under quite permissive terms, less likely to raise incompatibilities. To sort whether the case of sambamba is RC bug, or just important, the following Debian Policy Manual section 2.3 caught my eye: >> The copyright information for files in a package must be >> copied verbatim into /usr/share/doc/PACKAGE/copyright, when >> all of the following hold: >> 1. the distribution license for those files requires that >> copyright information be included in all copies and/or >> binary distributions; >> 2. the files are shipped in the binary package, either in >> source or compiled form; and >> 3. the form in which the files are present in the binary >> package does not include a plain text version of their >> copyright notices. The license cited were all rather permissive (Expat, Boost-1.0 which does not mandate a notice alongside binaries, Public Domain) and compatible with the one documented (GPL-2+). Their notices are present in the source code, although not necessarily in the d/copyright file to day. I have a doubt on the "shall" of the Expat license. Not being a native English speaker, I'm not too sure if this is nearer to "should" or "must": >> The above copyright notice and this permission notice >> shall be included in all copies or substantial portions >> of the Software. Anyways, I file an important bug to not forget about this issue. The severity can always be adjusted afterwards, if I missed a genuine critical point. > I fixed the copyright stuff, but along with that I did a bunch of other > changes: > > - Repacked shunit2, since it makes no sense to vendor an embedded copy > - Added autopkgtests > - Minor changed to d/watch, d/salsa-ci.yml > - Added d/gbp.conf > - Fixed an override Looks good, although not everything will be welcome in full freeze time. I believe d/copyright will be acceptable even if the bug is only rated "important". I can fork from the tag debian/0.8.0-1 on a bullseye branch, and ready a 0.8.0-2 with a cherry pick of your commit. > All changes on salsa > > Also, I see here[1] that sambamba builds only on amd64 and arm64 because > of missing B-D - so should supported arches in d/control be changed to > only these two? > Similar changes in "Architecture" field in d/tests/control I agree with Steffen that we should keep the Architecture fields unchanged. The missing build dependencies will not prevent the package from migrating, as long as the package has never been available for these architectures. This would give a chance for sambamba to build on the alternative architectures, should the missing dependency become available one day. > I do not have more time to spend with this package, so if @Andreas, > @Etienne, someone else could > revert/add/edit a few changes and sponsor me an upload, I'd really > appreciate that provided this is an RC bug (which I think it is) > > [1]: https://buildd.debian.org/status/package.php?p=sambamba I may have some time to sort the issue and maybe sponsor upload for bullseye this weekend, if I'm not knocked out by my second vaccine injection. Have a nice day, :) -- Étienne Mollier <emollier@emlwks999.eu> Fingerprint: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da Sent from /dev/pts/2, please excuse my verbosity.
Attachment:
signature.asc
Description: PGP signature