This appeared in the new queue and we agreed that I'll have a look at
the state it is in now.
- pkg namespace
  - there is no collision right now
  - but the name is quite short so we have to be careful.
  - AFAICS there are:
    - https://github.com/circle-rd/upki-ca (has a -ca which hopefully would be
      used)
    - https://pki.ares.com.tw/en/products/upki/ - same raw name but not open
      source and hence no package inbound
    - https://github.com/rustls/upki well that is you :-)
  - apt search is free of upki as of today
  - AFAICS you did well when naming this project, I could not find other "soon
    to be packaged" projects that might collide.
- binary namespace
  - libupki-dev, libupki-openssl-dev, libupki-openssl1, libupki1, upki-mirror
    and upki all have their content in FHS conformant paths and all of them
    namespace by "upki" in their name from /etc to /usr and all around.
  - apt file is free of upki as of today
  - I see no binary namespace collisions either
- Licenses
  - as expected vendoring so much there is a lot ..., but none seem hard
    violations
  - there is a barrage of apache-2 or BSD/Expat but they are one or the other
    which is fine and the files usually also list the same "A or B" in their SPDX
    headers
  - some expat <-> MIT mismatches which is ok as it is the same
  - some GPL-2 vs GPL-2+ but those were misdetects by lrc AFAICS
  - a lot in debian/copyright.in.d/* are misdetects, they are helpers for your
    updates but tools think they are what the text says
  - Amidst the storm I found a few actual sets of mismatches that seemed legit,
    but fell apart in a check.

d/copyright | Actual file

ISC | Apache-2.0
  rust-vendor/ring/crypto/fipsmodule/aes/asm/aes-gcm-avx2-x86_64.pl
  ...
But we have in d/copyright:
  1001: rust-vendor/ring/* => ISC
  1010: rust-vendor/ring/crypto//asm/ => Apache-2
And the more specific one should apply and * should match subdirs per DEP-5

BSD-4-clause | GPL-2
  rust-vendor/codspeed/instrument-hooks/example/instrument-hooks/includes/callgrind.h
Misdetection - it actually says "The rest of Valgrind is ... GPL-2" and then
follows its own.

BSD-3-clause-aws-lc-sys | Apache-2.0
  rust-vendor/aws-lc-sys/aws-lc/third_party/jitterentropy/CMakeLists.txt
This is the only actual issue I could find that was not a false-positive, it is
getting this from the project for which it is correct for the tree but
CMakeLists.txt was taken from another project as the header of the file
explains.
This isn't bluntly wrong, the file itself tracks it and you can fix this up on
the next upload - that isn't big enough to hold it back as it is.
In regard to new queue review this is thereby complete and seems acceptable.
We will need to see how this builds across arches for polishing it and making
it generally available, we discussed this but you said you are aware. For
new queue that is no blocker (but it would be later if you want to promote it
for example).
--
https://bugs.launchpad.net/bugs/2139297
Title:
[needs-packaging] upki