[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: minidlna (updated package and FTBFS fix)

2011/7/22 Benoît Knecht <benoit.knecht@fsfe.org>:
> Hi Fernando,
> Fernando Lemos wrote:
>> 2011/7/22 Kilian Krause <kilian@debian.org>:
>> > On Fri, Jul 22, 2011 at 12:36:51PM +0200, Benoît Knecht wrote:
>> >> I am looking for a sponsor for the new version 1.0.21+dfsg-1 of my
>> >> package "minidlna".
>> >> - dget http://mentors.debian.net/debian/pool/main/m/minidlna/minidlna_1.0.21+dfsg-1.dsc
>> >
>> > 1. Your upoad uses a tarball that's not identical to upstream's one. Please
>> >   consider adding a get-orig-tarball target to debian/rules to verify what
>> >   steps are required to generate it.
>> Please take no offense, Benoît. But in such a case, Kilian, can you be
>> sure the source hasn't been tampered with? I'd feel rather
>> unconfortable otherwise.
> I did "tamper" with the source, in the sense that I replaced the
> non-free icons.c file. This is documented in debian/copyright. I'm not
> sure what kind of tampering you're worried about, but you can easily
> check that no other file from upstream was modified.

Again, no offense meant. I have no reason to believe anyone is acting
in bad faith.

Just to clarify, I find it concerning that we might be accepting
source uploads that don't come straight from upstream and don't match
what was released upstream. I'm relieved to hear that there is a way
to ensure in your specific case that the source is the same as shipped
upstream. I wish this was a requirement for new packages entering

Reply to: