Le 03/12/2018 à 12:11, Mattia Rizzolo a écrit :
> On Mon, Dec 03, 2018 at 11:24:46AM +0100, Xavier wrote:
>> For example, node-mongodb uses uscan components to embed some
>> node-modules [1]. DD can update his debian/watch to add a new component.
>>
>> When a DD adds a binary entry in debian/control, update isn't accepted
>> directly in unstable but routed to NEW queue.
>>
>> It could be safe to apply the same policy when a component is added.
> 
> I disagree with this position, for at least because they have been
> around for a very long time (the fact that uscan now can deal with this
> weird versioning to track different projects is just a detail, really),
> but I don't think anybody ever thought there were reasons to gate them
> through NEW.
> 
> I understand there are fair risks of people adding a new component
> referring to an entirely different project without updating d/copyright,
> but it's a risk we have always had (see vlc, it sometimes embeds
> ffmpeg), and I don't think the ftp-team have the resources to start
> reviewing also these.

OK, so perhaps could we think to add some lintian errors?
 - require debian/README.source
 - detect missing "Files: <component-name>/..." in debian/copyright

Reply via email to