Bug#838495: RFS: python-cartopy/0.14.2-1 [ITP]
On Wed, 2016-10-05 at 17:29 +0200, Frederic Bonnard wrote:
> Hi Ghislain,
> - d/copyright:
> * based on the headers, I think it's LGPL-3+ rather than LGPL-3
You are correct.
> * I see several binary files such images and dataset in the source :
> a) lib/cartopy/data/netcdf/HadISST1_SST_update.nc : according to
> lib/cartopy/data/netcdf/HadISST1_SST_update.README.txt, I found
> licensing info :
> http://www.metoffice.gov.uk/hadobs/hadcruh/licence_ncgl.html which
> points to
> : http://www.nationalarchives.gov.uk/doc/non-commercial-government
> which seems non free (Non Commercial)
> b) lib/cartopy/data/raster/sample/Miriam.A2012270.2050.2km.jpg has
> readme :
> lib/cartopy/data/raster/sample/Miriam.A2012270.2050.2km.README.txt ;
> didn't find on http://lance-modis.eosdis.nasa.gov licensing infos.
Indeed. I have asked upstream for clarification.
Meanwhile, these data could be safely excluded in a repack.
> c) there's various png in lib/cartopy/tests/mpl/baseline_images
> and I was
> wondering also about the origin in spite of the global licensing.
They come from matplotlib. I should update the copyright of these
> Are all those files mandatory? maybe stripping source would help?
> For c)
> tests/mpl/ is skipped anyway for now, right ? I don't know for a)
> and b)
These tests are not called indeed, but it is due to a bug in the
packaged version of matplotlib in Debian at the moment. This does not
constitute a valid reason for a repack, I believe.
> - d/rules:
> * informational lintian hardening-no-bindnow : you should enable
> "all" (https://wiki.debian.org/Hardening/PIEByDefaultTransition
> , https://wiki.debian.org/Hardening). I noted that pie makes
> fail, but adding :
> export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
> does the job.
Nice catch. I will apply your suggestion verbatim.
> * pedantic image-file-in-usr-lib : the importance of this one has
> been lowered
> since 220.127.116.11 . I don't know if it's much work to move arch
> files in /usr/share.
It would be providing an additional binary package for little benefits
down the line. The static data aren't huge anyway.
Many thanks for this very constructive review.