Source: otrs2 Version: 5.0.6-1 Severity: serious I'm quite shocked to find how badly otrs2 packaging violates DFSG. There are many non-distributrable pre-built (minified) source-less files in orig tarball under "var/httpd/htdocs/js/thirdparty". No attemps to fix this situation has been and some inconvenient lintian warnings (such as "source- contains-prebuilt-javascript-object" and "source-contains-prebuilt-flash- object") are hidden through use of lintian-overrides. Moreover many bundled third party components are not even documented in "debian/copyright". :( :(
Fixing those problems is neigher optional nor hard. To comply with policy
sources of minified files can be shipped in "debian/missing-sources".
Minified files can be replaced on build time with their uncompressed original
files or even with files minified by build srcipts (if you believe in
minification). Where appropriate you can certainly use system libjs-*
packages and there is already bug for that: #695664.
At your convenience you can use "dh_linktree" or "dh_link" helpers to
facilitate replacement.
New `uscan` functionality allows to do DFSG-repackaging by utilising
"copyright/Files-Excluded" field -- you can read more about that in
https://wiki.debian.org/UscanEnhancements
(Also it might be helpful to add "repacksuffix=+dfsg" to "debian/watch").
Finally you don't have to document copyrights and licenses for files that
were dropped from orig.tar.
You are not the only maintainer who have to deal with pesky bundled non-DFSG
third party components. Just recently yours truly had to fix package
"ckeditor" because one of my packages bundles it. Therefore I'm confident
that you can replace "ckeditor" bundled to "otrs2" with "ckeditor (>=
4.5.6~)" right now and that it is safe to do so.
Please address all those problems ASAP.
--
Cheers,
Dmitry Smirnov
GPG key : 4096R/53968D1B
---
Democracy is a pathetic belief in the collective wisdom of individual
ignorance.
-- H. L. Mencken
signature.asc
Description: This is a digitally signed message part.
