Am 20.10.2017 um 15:26 schrieb Simon McVittie: > On Fri, 20 Oct 2017 at 14:36:06 +0200, Markus Koschany wrote: >> If you insist on severity >> serious for such a problem, then bug reports with the same severity >> should be filed against packages >> >> a) that do not recreate their build system at build time >> b) all packages that contain a prebuilt object without corresponding >> source, even when they are not used to build the package, or used at >> runtime (like .dll and .exe files) > > I don't think those are the same thing at all, and I think trying to > equate them clouds the issue.
Thanks for your reply. I think we are on the same page. My two points were exaggerated on purpose meaning I also believe that this topic deserves a more differentiated point of view which you delivered. So you are basically saying that the situation for configure scripts is less clear-cut and you tend to acknowledge that this is a bug but usually not a release critical one and it also depends on how the copyright holder is treating the generated file. What do you make of this specific case now, a modifiable but unused configure file in a source package? Would you remove this file from one of your packages given the same circumstances? Is this release-critical for you? [...] >> b) all packages that contain a prebuilt object without corresponding >> source, even when they are not used to build the package, or used at >> runtime (like .dll and .exe files) > > That's my (3.) above, and I think there is consensus that it is a > release-critical bug. We remove these objects when we find them. > > (If I am wrong about that, then I can stop repacking the Quake series of > game engines to exclude prebuilt Windows DLLs... but I would not want > to do that without approval from the ftp team, and the ftp team seem > highly unlikely to give that approval.) [...] Just for clarification: I completely agree that we should remove those files whenever we can. I have done the same in all of my packages and I am even more picky when it comes to prebuilt jar files in my Java packages because there is a real possibility that they are used by accident during the build process. However I do not think the same severity is appropriate for Windows files because they are platform specific and usually are only there for the convenience of upstream's windows users. They waste disk space but do not impair my freedom. Looking at https://lintian.debian.org/tags/source-contains-prebuilt-windows-binary.html I can still see that we have more than 1000 source packages in the archive that ship those files. So I think you are not correct if you claim that we treat them as release-critical bugs at the moment otherwise I would expect this Lintian tag to be an error not a pedantic issue. And this is why it is frustrating for me to read bug reports like this one, where we have just a modifiable text file but there are arguably more severe issues right before our eyes. Therefore my plea to use appropriate severity levels. Markus
signature.asc
Description: OpenPGP digital signature