Hi Elana, Thank you for looking into this.
I've believed the vendor/ directory is thoroughly vetted, and I have also checked every single directory, sometimes even files. I do not think there is a DFSG issue here. Dmitry does not agree with the fact that vendor/ is boundled in the Debian packages. It is not actually against the Debian Policy either, only his interpretation of it. There was a flamewar on this on debian-devel. Long story short, Dmitry did not maintain and did not want to maintain the package, I've adopted it and repackaged it boundling the vendor/ directory, Dmitry was upset because of the technical disagreement. Nobody with actual powers had a problem with this. Marking this as a serious bug is his latest attempt at sabotage. Granted, the current solution is not ideal. Janos On Tue, Sep 22, 2020 at 6:09 PM Elana Hashman <ehash...@debian.org> wrote: > On Tue, Sep 22, 2020 at 08:56:25PM +1000, Dmitry Smirnov wrote: > > > > As discussed in debian-devel, Kubernetes package abuses Debian practices > > and Golang team policies by needlessly vendoring hundreds(!) of > libraries, > > most of which are available in Debian. > > > > For a complex package like Kubernetes, _some_ strategic vendoring would > be > > understandable for practical reasons. But not everything. > > > > Maintainer circumvented packaging practices and introduced re-packaged > > Kubernetes in a state that would have never been accepted by ftp-masters. > > > > Please consider removing redundant libraries from "vendor". > > In the current state, the package is unsuitable for "stable". > > It's not entirely clear to me if the policy concerns are around > licensing compliance or simply the volume of vendored dependencies. > > > Wearing my Kubernetes SIG Chair/upstream hat: > > I believe that the license compliance of everything in vendor/ has been > thoroughly vetted, but that information may not have been adequately > surfaced for downstream projects to use. In this case, any violations > are surface-level/paperwork as opposed to fundamental issues with DFSG > compliance. I've requested that upstream better surfaces this > information in order to be able to build Kubernetes in a > policy-compliant way in Debian: > https://github.com/kubernetes/kubernetes/issues/94976 > > Thanks, > > - e > -- LÉNÁRT, János <lena...@gmail.com>
