> > Proposed change to Policy > > ~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > 1. Explicitly allow packaging of programs that include all required > > dependencies (convenience copies, vendoring), provided that > > licenses and DFSG are respected. > > Quick question (not hostile, just to clear it up): you do realize that > this means that the package's copyright file would need to document > all the licenses of all the bundled packages, right? At the very least > to provide enough information for users and downstream distributions.
Yes, you're right. I wasn’t quoting Policy verbatim. On one hand, you’re correct: Debian does have packages with static linking / embedded copies, and I’ve also added such packages in the past. On the other hand: if I package the aforementioned Bottles and a reviewer rejects it with something like “the following packages already exist in Debian, please rework the package” and lists e.g. python3-gi, python3-gi-cairo, python3-cairo, python3-yaml, python3-pycurl, python3-requests, python3-markdown, python3-chardet, python3-idna, python3-urllib3, python3-certifi, python3-pefile, python3-yara, python3-charset-normalizer, python3-orjson, python3-pathvalidate, python3-icoextract, patool, fvs — who is “right” in that situation? The wording of Policy leaves that unclear. If Policy explicitly allowed (or disallowed) this way of packaging (with the labelling we’re discussing), there would be nothing to argue about in cases like that. PS: The Bottles authors asked distros not to package them precisely because the result is not guaranteed to work. If they say "depends on patool 4.0.0" and Debian ships 4.0.4 (or 3.9.9), they can reasonably feel the distribution is shipping something that misrepresents their project — and in a way they're right. That’s exactly the kind of situation the proposal is meant to address: a bundled/standalone package would ship the version the upstream actually tested, instead of whatever the distro has. -- . ''`. Dmitry E. Oboukhov <[email protected]> : :’ : <[email protected]> `. `~’ work: <[email protected]> `- 71ED ACFC 6801 0DD9 1AD1 9B86 8D1F 969A 08EE A756
signature.asc
Description: PGP signature
