❦ 24 novembre 2017 17:48 +0100, Nicolas Braud-Santoni <nico...@braud-santoni.eu> :
>> In d/copyright: you need to include the complete CC0 license. > > OK; I did so based on what other packages were doing, according to > codesearch.d.n [0]. If that's an acceptable solution, I will > - include the whole CC0 license in debian/copyright > (this is already uploaded to mentors.d.n); > - open a bug against base-files to ship the CC0 in /usr/share/common-licences > - open bugs against concerned packages, to refer to the licence's text > as installed by base-files; (what should the severity be? I guess serious, > since it is a violation of Debian policy 12.5 [1]) > > [0]: https://codesearch.debian.net/search?q=path%3Adebian%2Fcopyright+CC0 > [1]: https://www.debian.org/doc/debian-policy/#copyright-information Any MBF should be discussed first on debian-devel@ first. For me, this seems a small violation and it would be preferable to stick with severity normal to not appear too agressive. >> You override the debian-watch-may-check-gpg-signature, but you also need >> to override orig-tarball-missing-upstream-signature. Since the tooling >> to check signatures the way you need it is not here, an alternative >> would be to not ship upstream GPG signature. > > That's something lintian picks up in the changes file, and there is currently > no way to override those, if I'm not mistaken: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575400 Oh, yes, I remember now. On my own packages, I have removed the GPG signature because of this. I don't know what's the stance of the FTP masters on this particular problem, so I don't know if it's best to get rid of the warning or just leave it as is. In your case, I would just remove the key since it is not used. > Thanks a bunch for the review, Looks good. Tell me what you want to do about the remaining lintian warning. -- Debian package sponsoring guidelines: https://vincent.bernat.im/en/debian-package-sponsoring
signature.asc
Description: PGP signature