Re: Convenience copies in upstream code: dependencies, removal, copyright, and other issues
On Tue, 2009-10-20 at 20:48 +1100, Ben Finney wrote:
> Howdy all,
>
> I recall this discussion occurring a few times, but I'm not sure of the
> recommended best practice.
>
> We can all agree that “convenience copies” of third-party library code
> are to be avoided, and to work with upstream to remove them where
> feasible. What I'm not clear on are the details of dealing with it in
> the interim:
>
> * Declare dependencies on the version of the library in Debian, even
> though that version may be later than the convenience copy currently
> in the original source?
Yes, and possibly patch your program to work with the new version. Note
that it is a policy 'should', so if that is too hard eventually you
could link with the convenience copy while upstream works at it,
provided you notify the security team of the fact (and possibly leaving
your package out of testing).
>
> * Remove the convenience copy from the original source archive, or
> merely from the binary package?
I would say merely from the binary package but...
>
> * Document the convenience copy in the dependent package's ‘copyright’,
> even if it doesn't appear in the binary package?
ftpmasters seem to be requiring everything in the source to be
documented in debian/copyright (really annoying, I know). If the library
copied is large enough, it might be easier to repack instead of
documenting it. Specially if it is not the same version as the package
in Debian.
--
Saludos,
Felipe Sateler
Reply to: