On 15/08/2012 15:34, Mats Erik Andersson wrote: > > the initial release of rush_1.7+dfsg-1 happened a year ago. > The package has a minute user base, but when I returned to the > package recently I happened to notice that there was a clear > mistake in the recording of copyright terms for one of the > files. The published package claims GPL, whereas a scrutiny > of the text reveals a custom license, very close to a public > domain attribution, intended to allow linking with LGPL. > My sponsor Sven Hoexter suggests that this might be classified > as a release critical deviation. Presently he has uploaded > the package to "experimental" while we await guidance from > this list. > > However, the updated packaging rush_1.7+dfsg-2, which I have > uploaded to "debian.mentors.net", happens to also address the > hardened build of the contained binary executables. It is > a priori not obvious that this composite package update would > qualify for inclusion in the upcoming release, this late in > the process. Personally I regard the hardening valuable to > a security relevant service like GNU Rush, so I now seek > conclusive advice on this matter, as to the prospects of > unblocking the package and getting it into "testing". >
Sorry for the delay. I guess we could accept the changes made in the copyright file (as it counts as a documentation fix), but we prefer to not have further changes in the package. HTH, -- Mehdi Dogguy مهدي الدڤي -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
