Thanks for the heads-up. As I'm an amateur at copyright law, where would be the most logical place to put it? c/LICENSE, LICENSE-libyaml? Suggestions definitely welcome.
On Wed, Sep 14, 2011 at 11:35 AM, Joachim Breitner <[email protected]> wrote: > @Michael: See further below for the part relevant to you. > > Hi Clint, > > I just saw this patch: > > Am Mittwoch, den 14.09.2011, 00:54 +0000 schrieb [email protected]: >> Wed Sep 14 00:54:00 UTC 2011 [email protected] >> * Disable patch to use system libyaml. >> Ignore-this: e082ab323e1444441552aaff99e4e9d7 >> >> M ./changelog +6 >> M ./patches/series -1 +1 >> >> Wed Sep 14 00:54:00 UTC 2011 [email protected] >> * Disable patch to use system libyaml. >> Ignore-this: e082ab323e1444441552aaff99e4e9d7 >> diff -rN -u old-haskell-yaml//changelog new-haskell-yaml//changelog >> --- old-haskell-yaml//changelog 2011-09-14 00:54:10.082332489 +0000 >> +++ new-haskell-yaml//changelog 2011-09-14 00:54:10.086335051 +0000 >> @@ -1,3 +1,9 @@ >> +haskell-yaml (0.4.1-2) unstable; urgency=low >> + >> + * Disable patch to use system libyaml. >> + >> + -- Clint Adams <[email protected]> Tue, 13 Sep 2011 20:42:31 -0400 >> + >> haskell-yaml (0.4.1-1) unstable; urgency=low >> >> * Initial release. >> diff -rN -u old-haskell-yaml//patches/series new-haskell-yaml//patches/series >> --- old-haskell-yaml//patches/series 2011-09-14 00:54:10.074333604 +0000 >> +++ new-haskell-yaml//patches/series 2011-09-14 00:54:10.090334506 +0000 >> @@ -1 +1 @@ >> -use-shared-libyaml.diff >> +#use-shared-libyaml.diff > > I’m curious: Why did you have to remove that patch? In Debian, we avoid > convenience copies when possible, e.g. for security reasons: Judging > from http://pyyaml.org/log/ version 0.1.4 removed a pointer arithmetic > overflow, this fix seems to be not included in the included copy. (I did > not check if it is exploitable or not.) > > Additionally, debian/copyright does not mention the copyright and > license of the embedded libyaml copy. The yaml haskell package does not > include it. This seems to be actually a copyright violation – hence the > CC to Michael Snoyman. > > Both are BSD-like licensed, so there is no conflict, but the actual > licenses differ slightly, but in any case the libyaml license and > copyright needs to be added to debian/copyright. > > And finally, if you have to use the embedded copy, you can remove the > build-dependency on libyaml-dev. > > Greetings, > Joachim > > PS, to be not only complaining: Thanks for your work on packaging yesod. > I’m looking forward to the results, as I am considering yesod for a > project that I’m about to start. > > -- > Joachim "nomeata" Breitner > Debian Developer > [email protected] | ICQ# 74513189 | GPG-Keyid: 4743206C > JID: [email protected] | http://people.debian.org/~nomeata > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/caka2jgjyshkm9xrv1_azj---9iv-sjukvsu8fe3fatn9ydr...@mail.gmail.com
