[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#838495: RFS: python-cartopy/0.14.2-1 [ITP]

On Wed, 2016-10-05 at 17:29 +0200, Frederic Bonnard wrote:
> Hi Ghislain,
> - d/copyright:
>  * based on the headers, I think it's LGPL-3+ rather than LGPL-3

You are correct.

>  * I see several binary files such images and dataset in the source :
>    a) lib/cartopy/data/netcdf/HadISST1_SST_update.nc : according to
>    lib/cartopy/data/netcdf/HadISST1_SST_update.README.txt, I found
> that
>    licensing info :
>    http://www.metoffice.gov.uk/hadobs/hadcruh/licence_ncgl.html which
> points to
>    : http://www.nationalarchives.gov.uk/doc/non-commercial-government
> -licence/non-commercial-government-licence.htm
>    which seems non free (Non Commercial)
>    b) lib/cartopy/data/raster/sample/Miriam.A2012270.2050.2km.jpg has
> this
>    readme :
> lib/cartopy/data/raster/sample/Miriam.A2012270.2050.2km.README.txt ;
> I
>    didn't find on http://lance-modis.eosdis.nasa.gov licensing infos.

Indeed. I have asked upstream for clarification.


Meanwhile, these data could be safely excluded in a repack.

>    c) there's various png in lib/cartopy/tests/mpl/baseline_images
> and I was
>    wondering also about the origin in spite of the global licensing.

They come from matplotlib. I should update the copyright of these
>    Are all those files mandatory? maybe stripping source would help?
> For c)
>    tests/mpl/ is skipped anyway for now, right ?  I don't know for a)
> and b)

These tests are not called indeed, but it is due to a bug in the
packaged version of matplotlib in Debian at the moment. This does not
constitute a valid reason for a repack, I believe.

> - d/rules:
>  * informational lintian hardening-no-bindnow : you should enable
> hardening
>    "all" (https://wiki.debian.org/Hardening/PIEByDefaultTransition
>    , https://wiki.debian.org/Hardening). I noted that pie makes
> compilation
>    fail, but adding :
>    export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
>    does the job.

Nice catch. I will apply your suggestion verbatim.

>  * pedantic image-file-in-usr-lib : the importance of this one has
> been lowered
>    since . I don't know if it's much work to move arch
> independent
>    files in /usr/share.

It would be providing an additional binary package for little benefits
down the line. The static data aren't huge anyway. 

Many thanks for this very constructive review.


Reply to: