
Bug#882568: RFS: nq/0.2.1-1 [ITP]



On Fri, Nov 24, 2017 at 08:21:39PM +0100, Vincent Bernat wrote:
>  ❦ 24 November 2017 17:48 +0100, Nicolas Braud-Santoni <nicolas@braud-santoni.eu>:
> 
> > - include the whole CC0 license in debian/copyright
> >   (this is already uploaded to mentors.d.n);
> > - open a bug against base-files to ship the CC0 in /usr/share/common-licences
> > - open bugs against concerned packages, to refer to the licence's text
> >   as installed by base-files;  (what should the severity be? I guess serious,
> >   since it is a violation of Debian policy 12.5 [1])
> >
> > [0]: https://codesearch.debian.net/search?q=path%3Adebian%2Fcopyright+CC0
> > [1]: https://www.debian.org/doc/debian-policy/#copyright-information
> 
> Any MBF should be discussed first on debian-devel@. For me,
> this seems a small violation and it would be preferable to stick with
> severity normal to not appear too aggressive.

Only 8 source packages are concerned (re: not shipping the CC0 text),
so I didn't realise that constituted a MBF.

Thanks for the advice on the severity, I was under the impression that all
policy violations should be `serious` or greater.  How should I proceed?


> >> You override the debian-watch-may-check-gpg-signature, but you also need
> >> to override orig-tarball-missing-upstream-signature. Since the tooling
> >> to check signatures the way you need it is not here, an alternative
> >> would be to not ship upstream GPG signature.
> >
> > That's something lintian picks up in the changes file, and there is currently
> > no way to override those, if I'm not mistaken:
> >
> >   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575400
> 
> Oh, yes, I remember now. On my own packages, I have removed the GPG
> signature because of this. I don't know what's the stance of the FTP
> masters on this particular problem, so I don't know if it's best to get
> rid of the warning or just leave it as is. In your case, I would just
> remove the key since it is not used.

I would rather keep it there, to make it obvious which signing (sub)key
I am trusting for upstream.  :)


> > Thanks a bunch for the review,
> 
> Looks good. Tell me what you want to do about the remaining lintian
> warning.

If that's fine by you, I would rather have it uploaded as-is.


Thanks,

  nicoo
