On Wednesday, January 22, 2025 6:52:34 PM MST Glenn Strauss wrote:
> PLEASE NOTE: **none** of the issues you raised are reported on
> https://tracker.debian.org/pkg/lighttpd
tracker.debian.org is a nice tool, but it does not contain a comprehensive list of all the problems with a package, particularly those that need human review to identify.
> PLEASE NOTE: **all** of the issues you raised are present in the prior
> lighttpd package. Why is this suddenly a blocker to release rather than
> suggestions for a future release?
Many Debian packages have problems that existed in previous releases. A RFS is a good time to identify and correct them.
> > 3. Licenses [4]: Issue
> >
> > philwyett@ks-tarkin:~/Development/builder/debian/lighttpd$ lrc
> > en: Versions: recon '3.4' check '3.3.9-1'
> >
> > Parsing Source Tree ....
> > Reading d/copyright ....
> >
> > Missing Files: Paragraph for debian/
> >
> > Running licensecheck ....
> >
> > d/copyright | licensecheck
> >
> > BSD-3-clause | GPL-1 debian/lighty-enable-mod
> >
> > File states:
> >
> > # You may distribute under the terms of either the GNU General Public
> > # License[1] or the Artistic License[2].
>
> This is not reported on https://tracker.debian.org/pkg/lighttpd
I would not expect it to be. tracker.debian.org does not do any automatic checking of licensing information because it is too easy to hit false positives.
> This is newly reported, as this file has been part of the lighttpd
> debian package circa 2006.
A lot of time licensing information is missed. One of the great things that Phil is doing is running lrc (licence recon, which is a relatively new tool that I don’t think was available in 2006) against every RFS package, which is illuminating a lot of tricky licensing issues. However, you should note that lrc is prone to a lot of false positives (because parsing licensing information is difficult, so it is not run automatically in places like tracker.debian.org. When you do find a false positive, you can override it similar to how you override incorrect lintian tags. For example:
https://salsa.debian.org/soren/privacybrowser/-/blob/master/debian/lrc.config?ref_type=heads
--
Soren Stoutner
soren@debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part.