Re: ITP: 700998 & 700100 libsereal-decoder-perl & libsereal-encoder-perl

To: debian-perl@lists.debian.org
Subject: Re: ITP: 700998 & 700100 libsereal-decoder-perl & libsereal-encoder-perl
From: gregor herrmann <gregoa@debian.org>
Date: Thu, 21 Feb 2013 11:25:45 +0100
Message-id: <[🔎] 20130221102545.GH25488@colleen.colgarra.priv.at>
Mail-followup-to: debian-perl@lists.debian.org
In-reply-to: <[🔎] 5125F317.7080504@biotec.tu-dresden.de>
References: <[🔎] 5124D59E.9010900@biotec.tu-dresden.de> <[🔎] 20130220174221.GK8380@jadzia.comodo.priv.at> <[🔎] 5125F317.7080504@biotec.tu-dresden.de>

On Thu, 21 Feb 2013 11:12:39 +0100, Alex Mestiashvili wrote:

> >> I've packaged libsereal-decoder-perl [0] & libsereal-encoder-perl [1].
> >> Could you please review it ?
> > Done. I've added some TODO items to libsereal-decoder-perl's
> > d/changelog, and libsereal-encoder-perl seems to have the same issues
> > :)
> Thanks, great list, should print it out and put it on the wall :)

:)

> snappy/* distributed with the modules seem to be heavily modified, so I
> don't think that it can be substituted by  libsnappy-dev from debian.

Oh. Not nice.

I guess it would be good to notify the security team about the
embedded copy:
http://wiki.debian.org/EmbeddedCodeCopies

> regarding  d/copyright
> snappy/* section, I must be missing something, but I don't see why it
> can be omitted.

Sorry for being unclear! Let's try again :)

d/copyright has:

- "Files: snappy/* ..."
  perfectly fine
- "Files: lib/Sereal/Decoder.pm
  Copyright: 
   2012-2013, Steffen Mueller <smueller@cpan.org>
   2012-2013, Yves Orton <yves@cpan.org>
   2011, Google Inc.
   License: Artistic or GPL-1+ or BSD-3-clause"

I suppose that Google and BSD is listed here because it's _mentioned_
in lib/Sereal/Decoder.pm; but as far as I understood the sentence (in
the almost empty and not very google-looking Decoder.pm) it just
_refers_ to the bundled snappy/* directory:

"The license for the enclosed Snappy code is: ..."

And since you already and correctly mentioned this in its own
paragraph, and the snappy code is not _in_ the file
lib/Sereal/Decoder.pm itself, I think that Google Inc. and BSD are
wrong in the "Files: lib/Sereal/Decoder.pm" paragraph and should be
removed.

Since the POD says "portions taken from Marc Lehmann's code for the
JSON::XS module" I'd add this information (maybe as a "Comment:
portions taken from JSON::XS, Copyright XY ML, License: Artistic or
GPL-1+)" for completeness.


Hope that makes more sense :)

> Everything else is done.

Thanks, will take a look in the evening.
 
> > Probably because you didn't file the bugs not against the "wnpp"
> > package but against the not-yet-existing new perl packages :)
> Yes, I've noticed that also, reassigned.

Great.

Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   BOFH excuse #279:  The static electricity routing is acting up...

Reply to:

References:
- ITP: 700998 & 700100 libsereal-decoder-perl & libsereal-encoder-perl
  - From: Alex Mestiashvili <alex@biotec.tu-dresden.de>
- Re: ITP: 700998 & 700100 libsereal-decoder-perl & libsereal-encoder-perl
  - From: gregor herrmann <gregoa@debian.org>
- Re: ITP: 700998 & 700100 libsereal-decoder-perl & libsereal-encoder-perl
  - From: Alex Mestiashvili <alex@biotec.tu-dresden.de>

Prev by Date: Re: ITP: 700998 & 700100 libsereal-decoder-perl & libsereal-encoder-perl
Next by Date: Bug#701221: ITP: libdancer2-perl -- lightweight yet powerful web application framework
Previous by thread: Re: ITP: 700998 & 700100 libsereal-decoder-perl & libsereal-encoder-perl
Next by thread: Bug#701221: ITP: libdancer2-perl -- lightweight yet powerful web application framework
Index(es):
- Date
- Thread