Just a note about embedded code copies: Embedded code copies should be avoided, but the policy does not use the words "must not" here. In some cases it is difficult to avoid them and they may be tolerated for some time.
As long as mediagoblin is the only package using it, there is at least not the problem of code duplication, but Debian must be aware of the code, so that one can react on security issues. The testing security team maintains a list of embedded code copies for this purpose: https://anonscm.debian.org/viewvc/secure-testing/data/embedded-code-copies?view=co I suggest to file a bug against mediagoblin about any embedded code copies and send the bug numbers as reference to secure-testing-t...@lists.alioth.debian.org. See https://wiki.debian.org/EmbeddedCodeCopies -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141014211123.GA15648@fama
