Re: Request to review and upload libewf 20140814-1
Hello Fukui,
I know it has been more than 7 days since you asked for the review, so
I'm prioritizing this, although it will take me a couple of days until
I get enough time to review it.
As a rule of thumb, I try to always tell people that they are free to
ping me after 7 days if they don't get a reply, it probably means I
missed it, and if not, I should have at least replied something by
that time.
> I've created a new version of the libewf package [0], which is going to be 20140814-1 with this update.
> This version introduces the following changes:
> * New upstream version 20140814
> * Update d/copyright
>
> This new source package was tested using salsa-ci,
> and all jobs successfully passed except for test-crossbuild-arm64 [1].
> I believe the git repository was successfully recreated to avoid a sponsor rebasing my branch on top of the team's repo.
> That said, if things are wrong, please let me know.
>
> If this update is satisfactory and helpful,
> I would appreciate it if you review and sponsor the package.
Great, thanks for the level of details in your email :)
> By the way, I found that some external libraries are embedded into the libewf source package, such as libodraw.
> I wonder whether we need to separate such libraries from the libewf source package.
> If they are successfully separated, that would make it easier to maintain and update the package.
> If you have some idea about this, kindly share it with me.
> To find out what packages are embedded, synclibs.sh would be helpful:
> $ git clone https://github.com/libyal/libewf.git
> $ cd libewf/
> $ ./synclibs.sh
There have been a couple of discussions about this in the past, you
can see them here, the consensus seems to be on the side of sticking
with the vendored libs:
https://lists.debian.org/debian-security-tools/2021/10/msg00018.html
https://lists.debian.org/debian-security-tools/2020/12/msg00012.html
Thank you for contributing!
--
Samuel Henrique <samueloph>
Reply to: