[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#884651: RFS: stlcmd/1.0-1 [ITP]

On Mon, Dec 18, 2017 at 04:00:53PM -0700, John Allwine wrote:
> The signing-key.asc is for uscan when checking for updates in the watch. 
> Am I supposed to sign the orig tar ball?

Well, how else can uscan verify it?
It's also used to verify the orig tarball once it's in the archive.

On the other hand, signed tarballs are far less useful when maintainer is
the same person as upstream -- you don't need to rely on any untrusted
paths.

> I left it as UNRELEASED as that was suggested in the walkthrough I went
> through.  I can change it to unstable.

Usually, UNRELEASED means the package is not yet ready for uploading.  This
obviously conflicts with a request to upload the package to the official
archive.  I can change this myself, but it's better to ask.

> Will add the original license of CSG.js as well.

Both the fork and the original have plausibly looking statements on their
front pages on GitHub.  That is:

Copyright (c) 2012 Joost Nieuwenhuijse (joost@newhouse.nl)
Copyright (c) 2011 Evan Wallace (http://madebyevan.com/)
License: MIT


Meow!
-- 
// If you believe in so-called "intellectual property", please immediately
// cease using counterfeit alphabets.  Instead, contact the nearest temple
// of Amon, whose priests will provide you with scribal services for all
// your writing needs, for Reasonable And Non-Discriminatory prices.
Reply to: