Control: tags -1 pending On Fri, 2 Sep 2022 20:59:56 +0200 Tobias Frost <t...@debian.org> wrote: > X-Debbugs-CC: 935...@bugs.debian.org > Package: assaultcube-data > Version: 1.2.0.2.1-3 > Severity: serious > Justification: Policy 2.2.3 > Control: affects -1 assaultcube > > When I was looking into updating assaultcube to the new upstream release, I > was prompted by #935669#57 > to look into the copyright situation.. > > Before diving into it, I'd like to state that I believe upstream that hey have > done their due diligence to ensure that they are able to redistribute their > package. > > Upstream tells on their license site [1[ that it is ok to distribute the > package unmodified. > > they gave Debian specic license to repack where appropiate, but only to make > packaging easier. [2] [3] > > however they reserve the right revoke that license *at any time*; even if > they try to find a resolution > before, but they explictily reserve the right to revoke. > > Additionally, looking in the assaultcube data files package, there are > several files with unclear > copyright status or file origin, a few are just "all rights reserved".
Ok, new information. I just figured out that the orig.tar is not matching upstreams'. It seems to have been repackaged by the current maintainer without declaring or documenting that this has been done. (The same thing happened to the game engine. ) This explains a few things: - why there is no upstream version 1.2.0.2*.1* - why the maintainer pointed all uptream references to their own gitlab repo. (I guess this was a lack of understanding of Debian policies and/or the upstream license, but I don't think it was out of malice.) The repacking seems to consist of removal of non-data (the engine), which would be covered, however, there are some configuration files which differs from the upstream's tarball version. Those changes like cherry-picks from newer versions, for example bot_skill.cfg in maintainers' repository equals to bot_skill.cfg of 1.3.0.0 upstream. There are more changes like this, I did not check if those are cherry-picks as well. ok, how to fix that: Luckily, there is a new upstream version pending, so we have an opportunity fix the mismatching orig.tar… To tackle the difficulty on the copyright situation: my plans are to have a download script (as I proposed earlier in this bug), to download and install (the umodified) game data at install-time. The best place to do that is the assaultcube engine package itself, so I will implement that there. Afterwards, this source package "assaultcube-data" should be removed from Debian. Marking as pending, as I'm currently working on it. -- tobi
