Le 03/12/2018 à 12:11, Mattia Rizzolo a écrit : > On Mon, Dec 03, 2018 at 11:24:46AM +0100, Xavier wrote: >> For example, node-mongodb uses uscan components to embed some >> node-modules [1]. DD can update his debian/watch to add a new component. >> >> When a DD adds a binary entry in debian/control, update isn't accepted >> directly in unstable but routed to NEW queue. >> >> It could be safe to apply the same policy when a component is added. > > I disagree with this position, for at least because they have been > around for a very long time (the fact that uscan now can deal with this > weird versioning to track different projects is just a detail, really), > but I don't think anybody ever thought there were reasons to gate them > through NEW. > > I understand there are fair risks of people adding a new component > referring to an entirely different project without updating d/copyright, > but it's a risk we have always had (see vlc, it sometimes embeds > ffmpeg), and I don't think the ftp-team have the resources to start > reviewing also these.
OK, so perhaps could we think to add some lintian errors? - require debian/README.source - detect missing "Files: <component-name>/..." in debian/copyright

