On Mon, Jun 29, 2026 at 01:57:28PM +0200, Thomas Goirand wrote:
> On 6/24/26 3:38 PM, Julian Gilbey wrote:
> > Source: fonts-materialdesignicons-webfont
> > Version: 7.4.47-1
> > Severity: serious
> >
> > Hi Thomas,
> >
> > I'm looking at 7.4.47-1, and see that it is built using the
> > pre-compiled fonts. This has two serious issues:
> >
> > (1) Some of the icons have a problematic license: the LICENSE file
> > reads:
> >
> > # Icons: Apache 2.0 (https://www.apache.org/licenses/LICENSE-2.0)
> > Some of the icons are redistributed under the Apache 2.0 license. All other
> > icons are either redistributed under their respective licenses or are
> > distributed under the Apache 2.0 license.
> >
> > The brand icons are not included in the Apache 2.0 license, so cannot
> > be included in this package. They were going to be removed in version
> > 8.0.0 of the icon font, but it looks like all development on this
> > package has stopped.
> >
> > (2) The package is not built "from source", which are the SVG icons in
> > the MaterialDesign-SVG repository.
> >
> > I would be happy to fix both of these issues, but I don't want to mess
> > up your repository. To do the fix, I would switch to the
> > MaterialDesign-SVG repository as the primary source and add the
> > MaterialDesign-Font-Build repository as an additional component. You
> > can see what I have done with the new fonts-materialdesignicons-legacy
> > package to fix these issues; I would use an (almost) identical
> > structure with the version 7 package
> > (fonts-materialdesignicons-webfont). However, I don't know how to do
> > this within the OpenStack build structure as specified here:
> > https://wiki.debian.org/OpenStack/PackageUpdate#Import_upstream_changes_to_the_debian.2FOSRELEASE_branch
> >
> > Some possible options (some of which overlap):
> >
> > (a) We don't continue to follow the OpenStack setup for this specific
> > repository. I'm guessing that this is unlikely to be much of a
> > problem, as it looks like the package is abandoned upstream, but I
> > don't fully understand how the OpenStack team works, so I am not at
> > all certain about this.
> >
> > (b) You set it up with the new source and additional component in a
> > way which is compatible with OpenStack, and then I do the rest of the
> > work. Note, though, that you cannot simply clone the upstream
> > MaterialDesign-SVG repository, because a whole bunch of files have to
> > be excluded; the upstream version number will become 7.4.47+dfsg.
> >
> > (c) You find an alternative way of addressing this bug, and I'm
> > totally open to that possibility too!
> >
> > (d) We take this package out of the OpenStack team and migrate it to
> > the Fonts team, so it does not need to follow the OpenStack protocol.
> >
> > Best wishes,
> >
> > Julian
>
> Hi Julian,
>
> Thanks for this bug report.
>
> The way it works for Horizon, to find its webfont, is through the
> python-xstatic-font-awesome package. This is a Python module that is
> supposed to contain the webfonts. It's made in a way so that it is easy to
> patch to make it use the system's font package instead.

Hi Thomas,

I hadn't even looked at the python-xstatic-font-awesome package! Does
that have a similar problem? (I got a "serious" bug report slapped on
one of my packages which shipped the Font Awesome binary fonts.)

> Currently, what's being done, is a simple "debianize.patch" that does:
>
> -#BASE_DIR = '/usr/share/javascript/d3'
> +BASE_DIR = '/usr/share/fonts-font-awesome'
>
> so that assets are read from /usr/share/fonts-font-awesome.

That sounds totally fine for python-xstatic-font-awesome; if it works,
why break it?! But the fonts should be stripped from the source
package, and I don't know how to do that within the Debian OpenStack
paradigm.

> If we remove the patch, and let the Python module install its assets, we
> could replace the installed assets by corresponding symlinks to the system
> font package: that's another very valid way to fix the problem.
>
> At this time, I very much lack time to address it. Best would be if you
> could take over the current fonts-materialdesignicons-webfont, or work on
> the python-xstatic-font-awesome package, to solve the issue, and make it so
> that it would point to the current package you're maintaining. It'd be
> really awesome if you could work on that. Please let me know.

I'm happy to do both of these; they should be pretty straightforward.
The only question is where and how to maintain them. I'm happy to
leave them in the OpenStack Salsa repository, but I don't know how to
handle the change to a tarball source rather than linking to an
upstream repository in a "compliant" way. If you can let me know
that, I can make the changes and upload a new version.

> In the meantime, I do not think this bug deserves the current severity that
> you've set. I really would love to see this bug fixed, but I do not think
> it's serious enough to grant the removal of Horizon, especially considering
> that the affected icons aren't probably the ones that Horizon is using.
> Removing both packages from testing will not help.

I was copying what I had from someone else... (see #1025000). But the
fix is now straightforward. (And if there is a big to-do in Debian
about whether Font Awesome should be removed completely, it'll be a
major issue, as so many fonts in Debian have equally problematic
sources.)

Best wishes,

Julian
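
Review bot: In the quoted debianize.patch hunk, the +BASE_DIR line hard-codes an absolute path that belongs to a different package, so the module only works when /usr/share/fonts-font-awesome exists and has the layout the module expects; the binary package should declare a dependency on whatever ships that directory, and the build should check that the expected files are present there. The removed line is a commented-out path for d3 rather than for Font Awesome, which suggests the patch was adapted from another xstatic package, so a short patch description stating why the path is redirected would help. The hunk changes only where assets are read from at run time, so it does not by itself take the bundled font files out of the source package.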

