On Wed, Jul 27, 2016 at 11:09 AM, Boyuan Yang wrote: > 1. Upstream put some *CA certificates* of VeriSign and Thawte inside > repository and intends to install it into final binary package. I > don't know how to write copyright information for these files. What > should I do to deal with this problem?
I'm not sure, but I expect these certificates are not copyrightable. > 2. Even though it is a C++/Qt project, upstream is providing a small > prebuilt .jar file for feature enhancement. The source code for the > .jar file is provided as well. Does it mean that I should drop > prebuilt jar file and rebuild it from source code utilizing the > toolchain of Java during building process? Yes please. I would suggest that upstream remove it from their source tarball and VCS and adjust their build system to always build it from scratch. They can include the pre-built jar in their binary package downloads and or as a separate download for people who only want to have to build the C++ parts. > 3. When adding debian-specific patches, do I have to write > pseudo-headers for patch diff file? This would be a good idea but not mandatory, please follow DEP-3 when adding such headers though. http://dep.debian.net/deps/dep3/ -- bye, pabs https://wiki.debian.org/PaulWise