[Pkg-fonts-devel] Bug#883107: octicons: Ships binaries without building them

Johannes Schauer josch at debian.org
Wed Nov 29 18:47:17 UTC 2017

Source: octicons
Version: 4.4.0-1
Severity: serious


the octicons package ships font binary files directly copied from the
upstream tarball without building them from source. This is problematic
for two reasons:

 1. it is not trivial to verify that the source code upstream supplies
    is indeed the source for the binaries that we ship. Maybe a
    README.Source could be added that explains how this can be verified

 2. the package is distributed under the MIT license but our users will
    not be able to make use of the freedoms this license is granting
    them (specifically, modify the files we ship) using just the tools
    in Debian main, instead they need tools outside of Debian. It is
    violating the spirit of the DFSG if we are shipping files that our
    users are unable to modify.

Both issues would be fixed if opticons would build the fonts from


cheers, josch

More information about the Pkg-fonts-devel mailing list