https://bugzilla.redhat.com/show_bug.cgi?id=1830220
--- Comment #3 from Lyes Saadi <[email protected]> --- Hello! In this section of the guidelines: https://docs.fedoraproject.org/en-US/packaging-guidelines/#bundling > All packages whose upstreams have no mechanism to build against system > libraries MAY opt to carry bundled libraries, but if they do, they MUST > include an indication of what they bundle. This provides a mechanism for > locating libraries with bundled code which can, for example, assist in > locating packages which may have particular security vulnerabilities. > > To indicate an instance of bundling, first determine the name and version of > the bundled library: > > - If the bundled package also exists separately in the distribution, use the > name of that package. Otherwise consult the Naming Guidelines to determine an > appropriate name for the library as if it were entering the distribution as a > separate package. > > - Use the Versioning Guidelines to determine an appropriate version for the > library, if possible. If the library has been forked from an upstream, use the > upstream version that was most recently merged in or rebased onto, or the > version > the original library carried at the time of the fork. > > Then at an appropriate place in your spec, add Provides: bundled(<libname>) = > <version> > where <libname> and <version> are the name and version you determined above. > If it > was not possible to determine a version, use Provides: bundled(<libname>) > instead. > > In addition to indicating bundling in this manner, packages whose upstreams > have no > mechanism to build against system libraries must be contacted publicly about > a path to > supporting system libraries. If upstream refuses, this must be recorded in > the spec file, > either in comments placed adjacent to the Provides: above, or in an > additional file > checked into the SCM and referenced by a comment placed adjacent to the > Provides: above. So, a "Provide" for each bundled libraries and the addition of the MIT License (tomboykeybinder.c) with a comment indicating the license of each bundled libraries is enough to get the package approved ;)! -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
