On Fri, Feb 26, 2021 at 3:35 PM Markus Koschany wrote:

> How can we keep the [embedded copies] list up-to-date?

Considering that the copies can be added, removed or made irrelevant in each upload of each package, I think this would be a very hard problem.

The simplest solution would be to change the triage procedure to include searching for other copies of the affected code via apt-file, codesearch.d.n and sources.d.o ctags; this would increase the triage workload a lot, though.

Another option would be to automate the process of searching for code copies and provide a service for listing potential code copies. The SourcererCC project seems like something that could potentially be useful for this. This would have the downside of surfacing irrelevant copies that aren't used during the build process, but perhaps that would still be useful to encourage maintainers to ask upstreams to drop the copies.

https://wiki.debian.org/EmbeddedCopies
https://github.com/Mondego/SourcererCC

-- 
bye,
pabs

https://wiki.debian.org/PaulWise