[ Nicholas D Steeves ] > Upload rejected because ftpmasters did not accept that the public domain > works had been implicitly relicensed by upstream as BSD-3-clause, > because I missed one Linux kernel image file in the test data (which > needs source to be DFSG free and for license compliance; this one is > admittedly serious), and because there was some incredulity about the > licensing of other test data. With the exception of the Linux kernel > image (absent in v2), the licensing of same test data was not considered > a problem for golang-github-pierrec-lz4 (v2). > > So for now progress towards fulfilling this ITP is blocked, and thus > progress towards Syncthing 1.19.2 is blocked. I believe it would be > unwise to exclude all test data from a +dfsg orig tarball (and disable > the tests), because this would expose Syncthing users' data to greater > potential risk than using an older version of Syncthing with a > golang-github-pierrec-lz4 (v2) with CI coverage. This is now a blocker on a recent upstream release of golang-github-gocql-gocql as well. I understand the argument about excluding test data, but there is probably a point at which users would be better served by a golang-github-pierrec-lz4.v4 without (complete) test coverage, than they would be without syncthing, or a modern gocql driver. Perhaps we move forward with a repackaged upstream tarball while waiting for upstream to fix these issues? Cheers, -- Eric Evans eevans@debian.org
Attachment:
signature.asc
Description: PGP signature