On Saturday, December 7, 2024 11:18:20 AM MST Scott Kitterman wrote: > On December 7, 2024 5:29:39 PM UTC, Soren Stoutner <so...@debian.org> wrote: > ... > > >I have not had any experience with waf before, and so am not aware of DFSG or > >malware difficulties that other projects have faced. In the case of > >PyInstaller, most of the waf code is contained in: > > > >https://salsa.debian.org/python-team/packages/pyinstaller/-/tree/debian/ > >master/bootloader/waflib?ref_type=heads > > > >It is written in Python and licensed under the BSD-3-clause. It is used to > >compile the C code in: > > > >https://salsa.debian.org/python-team/packages/pyinstaller/-/tree/debian/ > >master/bootloader/src?ref_type=heads > > > >Which is licensed under the GPL-2+~with-bootloader-exception, which is the > >main license of the project. The resulting bootloader (two files) is shipped > >in the binary package in /usr/lib/python3/dist-packages/PyInstaller/ > >bootloader/Linux-64bit-intel/*. > > > >None of this looks problematic to me. However, if there are any concerns I > >have missed I would be very interested to hear of them before I submit > >PyInstaller to the NEW queue. > > Have a look at the waf entry in the FTP Team reject FAQ: > > https://ftp-master.debian.org/REJECT-FAQ.html
"That's a special case of source code missing. Normally packages using waf as build system contain a Python script with a compressed tarball embedded as a binary blob, where it is not obvious how to get the actual source. As that's not considered to be the preferred form of modification, it fails the DFSG. See #645190 and https://wiki.debian.org/UnpackWaf for details.” As I detailed in the previous email, that does not appear to be the case for PyInstaller. There are no binary blobs that I have found (although I would be interested in knowing if I have missed them). I do understand and agree with such a concern. It just doesn’t appear to be how waf is used by PyInstaller. -- Soren Stoutner so...@debian.org
signature.asc
Description: This is a digitally signed message part.
