On 2018-02-12 11:22 +0000, Colin Watson wrote: > On Mon, Feb 12, 2018 at 10:42:16AM +0000, Simon McVittie wrote: > > On Mon, 12 Feb 2018 at 10:28:33 +0000, Colin Watson wrote: > > > Fortunately, libgcrypt upstream implemented unencumbered replacement > > > CRC code a while back, and over the weekend I worked on backporting > > > this to the version of libgcrypt imported into GRUB > > > > I believe the canonical way to do this is to delete the problematic file > > from the orig tarball, and patch in the reimplementation as part of the > > Debian part of the source package. This will mean your orig tarball is > > incomplete/not compilable, but that isn't something Debian really aims > > to solve. > > Huh. I hadn't thought of that option, but it seems peculiar and > excessively baroque (it basically splits the patch into a remove and an > add, making it less obviously identical to the one submitted upstream > and harder to keep track of in git). Is there a strong reason to take > that approach?
I'd have done the same as Simon. The main advantage is that it makes the tarball free software, which we generally don't get any leeway about (although in this case I presume we have in fact been shipping a bit of non-free code for years? so continuing to do so is not making things worse). Wookey -- Principal hats: Linaro, Debian, Wookware, ARM http://wookware.org/
Description: PGP signature