Bug#728777: sumo: Source and binary package contain binary (jar) files without source

Anton Gladky gladk at debian.org
Tue Nov 5 17:53:36 UTC 2013 

found 728777 0.15.0~dfsg-2
thanks

Thanks for bugreport, Andreas. It is really an issue and even
affects the version, which is in stable now.

The only "quick and dirty" solution  is the stripping of all
*.jar files in sumo-tools package/source.

Sumo-tools is the package, containing additional programs for
sumo and is not directly connected to the main sumo-core files.

I think the removal of those jar-files will not hurt  I am not not an
experienced sumo-user, so I cm CC-ing one of upstream
authors for clarification (Michael, could you, please, confirm that?).

Thanks,

Anton

2013/11/5 Andreas Tille <tille at debian.org>:
> Source: sumo
> Severity: serious
> Justification: Policy 2.2.3.
>
> Hi,
>
> the package source contains several jar files without source:
>
> $ find sumo-0.18~dfsg/ -name "*.jar"
> sumo-0.18~dfsg/tools/traceExporter/traceExporter.jar
> sumo-0.18~dfsg/tools/traceExporter/libs/stax-api-1.0.jar
> sumo-0.18~dfsg/tools/traceExporter/libs/stax-1.2.0.jar
> sumo-0.18~dfsg/tools/contributed/calibration/cadytsSumoController.jar
> sumo-0.18~dfsg/tools/contributed/trafficmodeler/lib/colt.jar
> sumo-0.18~dfsg/tools/contributed/trafficmodeler/jar/SUMOTrafficModeler.jar
> sumo-0.18~dfsg/tools/contributed/sumoplayer/lib/javaproj-1.0.4.jar
> sumo-0.18~dfsg/tools/contributed/sumoplayer/lib/xerces_2_5_0.jar
> sumo-0.18~dfsg/tools/contributed/traci4j/lib/xercesImpl.jar
> sumo-0.18~dfsg/tools/contributed/traci4j/lib/log4j.jar
> sumo-0.18~dfsg/tools/contributed/traci4j/lib/junit.jar
> sumo-0.18~dfsg/tools/contributed/traci4j/lib/org.hamcrest.core_1.1.0.v20090501071000.jar
>
> Some of them are ending up in the binary package sumo-tools - at least
>
>    /usr/share/sumo/tools/contributed/trafficmodeler/lib/colt.jar
>
> is installed.  While I can see a fair chance to easily strip some of the
> *.jar files from the source without any loss of functionality (for
> instance log4j.jar and junit.jar are packaged and in main) by using
> enhanced uscan[1] I think the package has at least to go into contrib
> since colt.jar is not free.
>
> The Debian Med team is maintaining libcolt-java in
>
>   svn://anonscm.debian.org/debian-med/trunk/packages/libcolt-java/trunk/
>
> (BTW, it contains an example how to use the enhanced uscan[1] )
> and we did not yet managed to replace one particular part, namely
>
>   Files: src/hep.aida.*
>
> by freely licensed code.  It is
>
>   LGPL License, with the exception that any usage related to military
>   applications is expressly forbidden
>
> :-(  The problem is that we did not yet managed to contact the authors.
> There is some hope to replace this code by digging the freehep
> project[2] but this was not yet implemented.  So in case you can not
> just drop colt.jar you can at least depend from libcolt-java and move
> sumo to contrib rather than non-free (provided you can deal with the
> other *.jar files somehow).
>
> Kind regards
>
>         Andreas.
>
> [1] http://wiki.debian.org/UscanEnhancements
>
> -- System Information:
> Debian Release: 7.2
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.36-xenU-4814-i386 (SMP w/1 CPU core)
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> --
> debian-science-maintainers mailing list
> debian-science-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-science-maintainers

More information about the debian-science-maintainers mailing list