severity 1051474 important
thanks
Hi,
On 08.09.23 at 19:19, Bastien Roucariès wrote:
> Source: libreoffice
> Severity: serious
> Tags: security
> Justification: Document embedded code copy + copyright
> X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Since when is that serious? It isn't. There have been no complaints from
anyone in the security team in any of the last security updates?
(None of which affected any of the internal copies used,)
The policy says "should". And it is followed.
Most stuff isn't used as internal code copies, only the unavoidable
ones are. And TTBOMK the security team DOES know it.
> Could you document that you embed a few tarballs under the security
> tracker?
You mean I should send MRs to it?
> Moreover you do not document where you downloaded these files; a comment
> under copyright will be helpful (README.source says how to retrieve it,
> not the link to get).
The fetch it manually and put it there. (Which normally would be done
from upstream's build system for ALL tarballs, even those not used..)
(It basically always is https://dev-www.libreoffice.org/src/ (which
mirrors stuff they got from the website):
Makefile: $(call fetch_Download_item_unchecked,https://download.documentfoundation.org/libreoffice/src/$(shell echo $(gb_LO_VER) | sed -e "s/\([0-9]*\.[0-9]*\.[0-9]*\).*/\1/"),libreoffice-$(i)-$(gb_LO_VER).tar.xz))
Regards,
Rene