Am Mittwoch, 12. Juni 2013, 10:26:23 schrieb toganm@opensuse.org:
Hi,
As the subject says how do we proceed when there is problematic bundled library code in the upstream. darktable package has bundled squish library in the sources, and after discussing with the legal team it is best we follow the same route as fedora.
https://bugzilla.redhat.com/show_bug.cgi?id=972604
In fedora guidelines the solution outlined can be found in the following link:
https://fedoraproject.org/wiki/Packaging:SourceURL#When_Upstream_uses_Prohib ited_Code
Since there is no suggestion in our guidelines, how do I proceed in this case, as implementing the removal of offending code is not the issue but AFAIK our buildservice has some checks for the source code from the Source URL
yes ... not widely used yet... What I dislike about the fedora approach is that a random script gets executed on the developer workstation. That means you have to review this script each time before running it if it does come from some random submission. I doubt everybody will do that, so you would even need to review the factory scripts each time :/ A better approach would be to have some generic tool which would parse some config file and removes for example the questioning files. Maybe with support of reg-exp's. But not with the possibility to inject code.
Also does this removal of the code should be applied in the home project also, as I am providing nightly git builds as well in addition to the official package.
Togan --
Adrian Schroeter email: adrian@suse.de SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org