toganm@opensuse.org wrote:
As the subject says how do we proceed when there is problematic bundled library code in the upstream. darktable package has bundled squish library in the sources, and after discussing with the legal team it is best we follow the same route as fedora.
https://bugzilla.redhat.com/show_bug.cgi?id=972604
In fedora guidelines the solution outlined can be found in the following link:
https://fedoraproject.org/wiki/Packaging:SourceURL#When_Upstream_uses_Prohib...
Since there is no suggestion in our guidelines, how do I proceed in this case, as implementing the removal of offending code is not the issue but AFAIK our buildservice has some checks for the source code from the Source URL
It might be sufficient to put an rm -r in the spec file and clearly document there that with this you are removing the offending code so there is absolutely no way for it to end up in the binary package. As additional safeguard you could also add some additional grepping on the binaries after make install and fail the build if the offending code somehow sneaked in nevertheless. With those measurements it might be acceptable for legal while still adhering to the pristine source principle. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org