Aargh, yes --- the extras are documented upstream, but I completely forgot
to update the debian/copyright file... I'm usually better than that. Sorry.
(That's why there are reviews!)

I have:

- produced a new upstream version, 0.7.1, with the code rearranged to make
it easier to strip out the unneeded dependencies, and much better
documentation of third-party code.
- produced a special minimal distribution just for Debian with the unused
dependencies removed. (Most of them weren't being used anyway; now they're
not present.)
- updated the packaging.

The only thing the package actually uses now is a patched copy of xpattern,
which can't be externalised. It's documented in the copyright file.

The new package is 0.7.1-1, here:

https://mentors.debian.net/package/wordgrinder

PTAL and let me know what else is wrong...

On Thu, 2 Nov 2017 at 04:15 Adam Borowski <kilob...@angband.pl> wrote:

> On Tue, Oct 31, 2017 at 11:33:13AM +0100, David Given wrote:
> > * Package name: wordgrinder
> >   Version: 0.7-1
>
> > WordGrinder's not a new package --- it's been in Debian since wheezy.
> > Unfortunately my existing sponsor has retired and is unable to upload
> > the new version, so for the this version I'm looking for a new
> > sponsor. The package should be in pretty good shape as the old sponsor
> > waa pretty conscientous; it's lintian clean, has hardening enabled,
> > and uses dquilt for patching.
> >
> > Disclaimer: when I'm wearing my other hat, I am the upstream author.
> >
> > Changes since the last upload:
> >
> >  - New upstream release
>
> I'm afraid the new version ships a bunch of big external projects such as
> lua-5.1, minizip, uthash (aka "convenience copies").  It'd be better to
> remove them from the tarball to ensure only the system version is used --
> this greatly helps the Security Team.  This is not strictly needed, but
> there should be a good reason to do otherwise.
>
> You also don't even mention them (other than uthash) in the copyright file,
> despite them not having been written by you.
>
> There's also a bunch of smaller files from external source (lfs, wcwidth,
> lua-bitop) -- you also falsely claim that you own copyright for them.
>
> (Yeah, copyright issues are an unfun thing, but these days lawyers rule the
> world.)
>
>
> Meow!
> --
> ⢀⣴⠾⠻⢶⣦⠀ Laws we want back: Poland, Dz.U. 1921 nr.30 poz.177 (also Dz.U.
> ⣾⠁⢰⠒⠀⣿⡁ 1920 nr.11 poz.61): Art.2: An official, guilty of accepting a gift
> ⢿⡄⠘⠷⠚⠋⠀ or another material benefit, or a promise thereof, [in matters
> ⠈⠳⣄⠀⠀⠀⠀ relevant to duties], shall be punished by death by shooting.
>
-- 
┌─── http://cowlark.com ───
│ "There is nothing in the world so dangerous --- and I mean *nothing*
│ --- as a children's story that happens to be true." --- Master Li Kao,
│ _The Bridge of Birds_

Reply via email to