Hello, On Thu 20 Jun 2019 at 08:34AM +02, Johannes Schauer wrote: > We have a similar issue but a less severe one because this is only one package > and not a whole ecosystem of them. Since the required tooling is currently > missing, I guess any maintainer of PyMuPDF would need to closely follow mupdf > development and trigger binNMUs as necessary. Hmm. If I was going to upload this myself I'd want to give the security team to a chance to object to this way of going forward. > d/copyright only documents the contents of the source package. As far as I know > we do not yet have means to also document the inferred license of any generated > binary artifacts? Good point, but an ftpteam member is going to have to go through the reasoning to confirm that the binary package is DFSG-free, so it might help to have that documented in some sort of text file in the source package. -- Sean Whitton
Attachment:
signature.asc
Description: PGP signature