On 10/02/2013 10:23 PM, Faidon Liambotis wrote: > Package: asterisk > Version: 1:11.5.1~dfsg-2 > Severity: serious > > I was surprised and initially happy to see Asterisk 11 uploaded into > sid. My happiness quickly diminished when I saw that the upload contains > the embedded pjproject as-is, despite this issue having been flagged for > months now and being the sole blocker for an upload since the release of > Asterisk 11 eleven months ago. > > There are several policy violations here: > - Contains a convenience copy of pjproject under res/pjproject (§4.13)
This is indeed a slip-up, the pjproject source was definitely intended to be stripped from the asterisk tarball, as documented in debian/changelog. I found the commit which removed the pjproject-stripping-code from debian/rules: http://anonscm.debian.org/gitweb/?p=pkg-voip/asterisk.git;a=commitdiff;h=6148e287cc35d0756785af74fe2bfa6f3148d706 > - pjproject itself contains convenience copies of several libraries > under res/pjproject/third_party/ some of which already packaged in > Debian (§4.13) > - All of the above are completely undocumented in d/copyright (§12.5) > - Not only they are undocumented, but it looks like no audit has > happened on them whatsoever. From a very cursory look, at least > res/pjproject/third_party/milenage/ & res/pjproject/third_party/g7221/ > seem to completely lack license information other than the occasional > "All right reserved", which makes them undistributable by Debian or > anyone else. (§2.3) > You may not have noticed, but pjproject has its own package: http://packages.qa.debian.org/p/pjproject.html Go take a look at the pjproject packaging and you will find these points have been addressed. > I'm baffled on how a DD could ever upload this into the archive, esp. > since these issues were widely known and discussed beforehand. Please > refrain from making such uploads in the future, as it's both a disgrace > to Debian's standards and a legal risk. I suggest you have more than a cursory look next time before using this kind of tone. Thanks anyway for the report, Jeremy -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
