Source: maxima
Version: 5.36.1-1
Severity: serious
Justification: Policy 4.5
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi,

Your package contains an embedded code copy of texi2html which is
copyright Lionel Cons and others and is licensed under the GPL and
Creative Commons Attribution-ShareAlike license. This information is
missing from debian/copyright of maxima and is thus a violation of
policy §4.5.

I found this bug while working on the reproducible builds project [1] to
make texi2html produce reproducible output.

From that point of view there are two options:

 1. remove the embedded code copy [2] and build-depend on texi2html
    (this would also make policy §4.13 happy). I would prefer this
    solution and would supply you with a patch if you want.
    The package would not become immediately reproducible with this
    solution though because it does not use dh in debian/rules but
    instead classic debhelper. Because of that $SOURCE_DATE_EPOCH has
    to be exported in debian/rules [3]

 2. keep the embedded code copy and amend your debian/copyright. In this
    case I would open another bug so that your embedded copy of
    texi2html is patched to produce reproducible output.


Kind regards,
akira

[1] https://wiki.debian.org/ReproducibleBuilds/About
[2] https://wiki.debian.org/EmbeddedCodeCopies
[3] https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal