Sorry for the delay, sprint + fosdem + 2 conferences made me not find
the time earlier since we assigned it last week :-/
(This is a bit more than usual as I can't stop bleeding in half a MIR
review)
- Build tested (I know you ship this in a PPA since ages, so that worked
without surprise).
- Build time tests are executed
non-critical: Some are skipped like "? github.com/ubuntu/authd/nss
[no test files]"
- It uses vendored code under the special policies agreed in general and
the MIR rules in regard to similar scenarios
- build rules are relatively clean (mostly exports to control the other
pieces that follow)
- namespace check
it is quite short, but authd is an established name even other distros refer
to it nowadays so I guess it is safe
- Lintian check
Happy except a few copyright warnings which we will get into in the next spot
- License/Copyright checks
Here is a problem, despite the changelog saying something quite hope-
triggering
1 authd (0.5.7) resolute; urgency=medium
2
3 * debian/copyright: Add missing licenses
4 * needs-packaging: LP: #2136731
I see these two kinds of license issues
Superfluous
W: authd source: superfluous-file-pattern vendor/github.com/hashicorp/*
[debian/copyright:115]
W: authd source: superfluous-file-pattern vendor/github.com/magiconair/*
[debian/copyright:127]
W: authd source: superfluous-file-pattern vendor/github.com/mitchellh/*
[debian/copyright:135]
W: authd source: superfluous-file-pattern
vendor/github.com/sagikazarmark/slog-shim/* [debian/copyright:163]
W: authd source: superfluous-file-pattern vendor_rust/adler/*
[debian/copyright:234]
W: authd source: superfluous-file-pattern vendor_rust/async-stream*/*
[debian/copyright:276]
W: authd source: superfluous-file-pattern vendor_rust/hermit-abi/*
[debian/copyright:244]
W: authd source: superfluous-file-pattern vendor_rust/ppv-lite86/*
[debian/copyright:400]
W: authd source: superfluous-file-pattern vendor_rust/rand/*
[debian/copyright:411]
W: authd source: superfluous-file-pattern vendor_rust/rand_chacha/*
[debian/copyright:411]
W: authd source: superfluous-file-pattern vendor_rust/rand_core/*
[debian/copyright:411]
See https://lintian.debian.org/tags/superfluous-file-pattern.html
Those really are not present in your tree and that suggestes that the recent
upload might have added some but not fully cleared and updated them.
Please fix.
W: authd source: missing-license-paragraph-in-dep5-copyright gpl-2+
[debian/copyright:53]
W: authd source: missing-license-paragraph-in-dep5-copyright gpl-3+
[debian/copyright:49]
W: authd source: missing-license-paragraph-in-dep5-copyright lgpl-2+
[debian/copyright:45]
I agree to the licenses you identified
licensecheck --copyright pam/integration-tests/pam_mkhomedir/pam_mkhomedir.c
pam/internal/gdm/extensions/gdm-custom-json-pam-extension.h
pam/internal/gdm/extensions/gdm-pam-extensions-common.h
pam/integration-tests/pam_mkhomedir/pam_mkhomedir.c: GNU Library General Public
License v2 or later
[Copyright: Red Hat, Inc. 2009]
pam/internal/gdm/extensions/gdm-custom-json-pam-extension.h: GNU General Public
License v3.0 or later
[Copyright: 2023 Canonical Ltd.]
pam/internal/gdm/extensions/gdm-pam-extensions-common.h: GNU General Public
License v2.0 or later
[Copyright: 2017 Red Hat, Inc.]
But they are missing the full statements that are required.
There are some easier passes if the text is fully in
/usr/share/common-licenses/ but that does IMHO not trigger here.
There are a few more like
P: authd: spelling-error-in-copyright Unknwon Unknown
vs
licensecheck -r vendor/gopkg.in/ini.v1/
vendor/gopkg.in/ini.v1//LICENSE: *No copyright* Apache License 2.0
I'd ask you to please:
1. Add the full text of those licenses (yes I know it is "the same and newer",
but let us be correct)
2. Clean out the no more applicable licenses of code no more existing
3. Use that insight to go over all vendored deps again, fix what you think you
need to fix
4. run a build and ensure lintian does not yell at you this time - neither post
build nor in the source
5. upload again for acceptance
This should not be too complex, sorry for the extra hurdle.
** Changed in: authd (Ubuntu)
Status: Fix Committed => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2136731
Title:
[needs-packaging] authd
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/authd/+bug/2136731/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
