On Fri, 18 Jun 2021 12:53:37 +0200 "Diego M. Rodriguez" <di...@moreda.io> wrote:
> [...]
> Actually, while the upstream tarball (from PyPI) does not include the
> unicode.xml file, upon closer inspection upstream does include it in
> their GitHub releases. If using the release for packaging is technically
> viable (looks like it will be), would it be preferable from the legal side?
>
> > Suggestion --> [...]

In that case, you can just use the correct path for unicode.xml, drop the comment from the second paragraph, and simplify the paragraph in the first. Both still appear to have a unique copyright/license from each other, as well as the rest of the project, so they should still both be represented separately.

> :: would it be preferable from the legal side?

I'm a bit confused by this. It's always preferable to follow upstream releases when generating packages. Building packages from projects that don't create releases (see golang...) is a bit of a headache and helps result in some truly horrific version numbers. [1]

If the upstream project provides releases, then definitely use them.

What matters from a legal perspective is that you follow what is spelled out in the license. (That's also the primary concern behind packages passing through the NEW queue.)

[1] 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1

--
Michael Lustfield