On 02/10/2014 12:54 PM, Bastian Blank wrote:
> Package: libcglib-java
> Version: 2.2.2+dfsg-5
> Severity: serious
> libcglib-java uses jarjar to incoporate libasm3-java.  It does this
> without mentioning the license of the incorporated stuff or even listing
> it as Built-Using.

Hi Bastian,

Thanks for bringing this up.  It appears that everything that build
depends on libjarjar-java or libjarjar-maven-plugin-java is likely
suspect for this type of problem.

Instead of Built-Using or updating debian/copyright, it seems preferable
to refactor the source to use the actual libasm3-java JAR, although I
haven't yet looked into how much effort that will require.


Attachment: signature.asc
Description: OpenPGP digital signature

This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to