On 2025-02-05, Roberto A. Foglietta wrote:
> On Wed, 5 Feb 2025 at 06:06, Michael Lustfield <mich...@lustfield.net> wrote:
> >
> > They actually included
> > their own debian/ directory, making it a clear license violation to
> > touch anything inside.
>
> Hence Michael is right. Because even the smallest and most innocent
> change can compromise the trust of the chain of the data management as
> they intended.
(Disclaimer: I'm a Tarsnap employee, but not a lawyer, and certainly
don't own the copyright.)
After looking at the full message in the list archives, it's not clear
to me whether "they actually included their own..." refers to Tarsnap or
truecrypt.
To clarify, tarsnap does not have a top-level
debian/
directory. Rather, we have a top-level
pkg/debian/
directory -- but that's (appropriately) ignored by dpkg-buildpackage and
related deb packaging tools.
As such, making a package would involve adding a *new* top-level debian/
directory (which may or may not be an exact copy of pkg/debian/).
There's no need to modify any files that we distribute -- I specifically
put packaging stuff in pkg/debian/ so that the tarsnap_*.debian.tar.gz
would not overwrite anything in the .orig source tarball.
Cheers,
- Graham
