On Fri, Apr 06, 2018 at 08:15:17PM +0800, Yanhao Mo wrote:
> * Package name    : deepin-music
>   Version         : 3.1.8-1
>   Upstream Author : Deepin Technology Co., Ltd.
> * URL             : https://github.com/linuxdeepin/deepin-music
> * License         : GPL-3+
>   Section         : sound
> It builds those binary packages:
>   deepin-music - Awesome music player with brilliant and tweakful UI

I'm afraid the copyright file lacks the vast majority of licenses and
copyright holders.  However, all parts not by Deepin are inside the vendor/
subdir, and don't seem to be used during the build (you properly use system
libraries instead of those so-called "convenience copies").

Thus, I think it'd be a lot better to, instead of painstakingly documenting
every bit in that dir, remove it (for example via "Files-Excluded" in the
watch file to automatically repack upstream tarballs).  This would also make
the Security Team like you a lot more, as such "convenience copies" make
their life hard as every problem requires searching the whole archive for
copies of a library that needs to be updated.  And these days, sometimes
packages get outright rejected, turning what used to be merely "best
practice" to fully mandatory.

The only other issue is a nitpick: the short description shouldn't be
capitalized unless you mean something named "Awesome".  You might also tone
down the wording a wee bit.

Looks good otherwise!

⢿⡄⠘⠷⠚⠋⠀ ... what's the frequency of that 5V DC?

Reply via email to