On Mon, Oct 10, 2016 at 8:30 PM, Tobias Frost <t...@debian.org> wrote: > Dear Developers, > > while packaging an updated version of one of my packages which included > now rapidjson I became aware that this library includes the test suite > date of http://json.org/JSON_checker/. While there is no license on the > testsuite.zip, json_checker is licensed by json.org with the infamous > clause "The Software shall be used for Good, not Evil." > and I believe the testdata is covered under the same license "best > case", (worst case not licensed at all. > > For rapidjson [1] I filed #840333, but afterwards I checked also > codesearch.debian.net for one of the testcases [2] and found many > packages including it verbatim. > > I'm not sure if my assessment is right and we have a DFSG problem here, > but if so, I guess this should be handled by extending the existing > lintian error.
With my lintian maint hat, they are here two approach: - autoreject based on md5sum and sha1 - autoreject based on regexp Do you have better signature than this file ? > > Thoughts? > > > [1] (where upstream is aware of it and later versions recommend to > remove the testsuite) > [1] https://codesearch.debian.net/search?q=%22Extra+comma%22%3A+true%2C > +path%3Afail9.json&perpkg=1 > > > -- > tobi >