On Fri, Jan 15, 2016 at 7:52 PM, Gard Spreemann wrote: > A search on codesearch.debian.net reveals that at least the following > packages in Debian bundle duplicates of the code: > - python-scipy (see also #778635) > - vxl > - nwchem > - plastimatch > - psi4 > > I believe that Debian should provide lbfgsb as a standalone library, > as it is useful in its own right and its presence could lead to code > deduplication in the future.
Please report these to the Debian security team so they can record the info in their metadata: https://wiki.debian.org/EmbeddedCodeCopies > Note that upstream's tarball > (http://users.iems.northwestern.edu/~nocedal/Software/Lbfgsb.3.0.tar.gz) > contains a few prebuilt binaries, and is also a minor tarbomb. Ick, that is something that needs fixing upstream. > Upstream seems very inactive in the sense that the code appears to be > "done". I have maintained a package for personal use since 2013 and > have never experienced problems. I thus feel I could handle maintaing > the package also for a wider user base going forward. You might want to check it over using check-all-the-things (in experimental), that will probably show some things that need polishing. You might also want to suggest that upstream put their code in a VCS repository and read our upstream guide. https://wiki.debian.org/UpstreamGuide -- bye, pabs https://wiki.debian.org/PaulWise
