On 10/02/2013 10:23 PM, Faidon Liambotis wrote:
Package: asterisk
Version: 1:11.5.1~dfsg-2
Severity: serious
I was surprised and initially happy to see Asterisk 11 uploaded into
sid. My happiness quickly diminished when I saw that the upload contains
the embedded pjproject as-is, despite this issue having been flagged for
months now and being the sole blocker for an upload since the release of
Asterisk 11 eleven months ago.
There are several policy violations here:
- Contains a convenience copy of pjproject under res/pjproject (§4.13)
This is indeed a slip-up, the pjproject source was definitely intended to be
stripped from
the asterisk tarball, as documented in debian/changelog. I found the commit
which removed
the pjproject-stripping-code from debian/rules:
http://anonscm.debian.org/gitweb/?p=pkg-voip/asterisk.git;a=commitdiff;h=6148e287cc35d0756785af74fe2bfa6f3148d706
- pjproject itself contains convenience copies of several libraries
under res/pjproject/third_party/ some of which already packaged in
Debian (§4.13)
- All of the above are completely undocumented in d/copyright (§12.5)
- Not only they are undocumented, but it looks like no audit has
happened on them whatsoever. From a very cursory look, at least
res/pjproject/third_party/milenage/ res/pjproject/third_party/g7221/
seem to completely lack license information other than the occasional
All right reserved, which makes them undistributable by Debian or
anyone else. (§2.3)
You may not have noticed, but pjproject has its own package:
http://packages.qa.debian.org/p/pjproject.html
Go take a look at the pjproject packaging and you will find these points have
been addressed.
I'm baffled on how a DD could ever upload this into the archive, esp.
since these issues were widely known and discussed beforehand. Please
refrain from making such uploads in the future, as it's both a disgrace
to Debian's standards and a legal risk.
I suggest you have more than a cursory look next time before using this kind of
tone.
Thanks anyway for the report,
Jeremy
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org