Am 29.01.2017 um 22:07 schrieb Luca Capello: > Hi there, > > On Fri, 27 Jan 2017 23:08:08 +0100, Nicolas Braud-Santoni wrote: >> On Sun, Dec 25, 2016 at 03:29:39PM +0100, Luca Capello wrote: >>> >>> sorry for the late reply, the package was rejected: >>> >>> <http://lists.alioth.debian.org/pipermail/pkg-auth-maintainers/Week-of-Mon-20161212/000953.html> >> >> Sorry for the even-more-late reply, I was ill the last few months :( >> >> I built a new version of the package >> that has updated copyright metadata. > > Thank you. > >>> However, can you first push your changes to the Git repository on >>> Alioth? I find awkward not to use it for Debian work... >> >> It is in the rfs-848327 branch on alioth. > > Again, thank you, two comments not related to the udev rules: > > - there are neither upstream/1.1.3 nor debian/1.1.3-1 tags on Alioth, > which BTW is still missing the upstream and pristine-tar branches, so > no new binary packages can be built from the Alioth Git repository: > > <https://github.com/Yubico/libu2f-host-dpkg/branches> > > - the previous rejection was because of a new license for the CLI tools, > while in the debian/changelog you actually talk about the library > itself, which has always been LGPL-2+: > > <https://github.com/Yubico/libu2f-host/commit/9f53f3ccf81d3e5029eca863014714bf217914e1> > > Both issues should be corrected for me to sponsor your upload. > >>>> This updates brings: >>>> - - a fix for #846358, so that rules for the right udev version are installed; >>>> - - as per #846359 and #824532, this creates a new binary package, >>>> libu2f-common, containing the udev rules; >>>> - - the new upstream version brings udev rules for additional devices. >>> >>> Sorry, I still do not see the reasoning behing such a move: >>> >>> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824532#42> >> >> Well, that one is simple: >> >> - #846358 is a bug, pure and simple, and this fixes it. > > As far as I know, no one has never objected to this and the fix does not > involve touching anything else WRT the current logic. > >> - Before this upload, the udev rules were shipped in the libu2f-host0 >> binary package, which is again wrong. > > It depends, it would be OK if access to these devices was only possible > via libu2f-host0, which is not the case here: > > <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824532#17> > >> There are two options, then >> >> 1. keeping the udev rules in the libu2f-host *source* package >> 2. moving the udev rules to another source package >> >> >> I am strongly in favor of 1, if only because upstream actually maintains >> that list in this package. The alternative involves >> - repackaging libu2f-host to get rid of this >> (and patching the build/install scripts), > > Sorry? No need to repack or patch anything from upstream, but simple do > not install the udev rules in a .deb package. To make this perfectly clear (again): I, as udev/systemd maintainer, object to maintaining that u2f udev rule as a downstream patch in udev and I will remove that patch from src:systemd post stretch. It's simply not maintainable (as proven by the outdated rule we ship). Possible solutions for you to consider: 1/ get those udev rules accepted at systemd upstream (was rejected afair) 2/ split the rules out into a -common package which doesn't require libu2f-host0 to be installed 3/ rework u2f support so it doesn't requires those udev rules. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Attachment:
signature.asc
Description: OpenPGP digital signature