On Sunday, November 23, 2025 8:20:15 PM Mountain Standard Time Richard Laager wrote: > All of this is just my opinion, of course... > > If it were my package, I'd probably do something like this (which could > list multiple files): > > Files: testdata/valid-evidence.json > Copyright: OWASP Foundation > License: Apache-2.0 > Comment: > This file contains strings that are test copyright statements, which > are being used as a test vector for proper license/copyright parsing. > They do not correspond to any copyright of this package. > > That way, you are really explicit about which files have the issue. If > you put the comment at the top-level and just say "Several files", it's > a lot less clear which files you're talking about. You said it was many, > and I haven't looked at the package itself, so I might do something > different if it was really a large number that couldn't be covered by > glob patterns. > > I wouldn't copy the fake copyright statements into debian/copyright. > That feels wrong to me.
I also agree with this approach. -- Soren Stoutner [email protected]
signature.asc
Description: This is a digitally signed message part.
