[Pkg-fonts-devel] Bug#883107: octicons: Ships binaries without building them
Johannes Schauer
josch at debian.org
Wed Nov 29 18:47:17 UTC 2017
Source: octicons
Version: 4.4.0-1
Severity: serious
Hi,
the octicons package ships font binary files directly copied from the
upstream tarball without building them from source. This is problematic
for two reasons:
1. it is not trivial to verify that the source code upstream supplies
is indeed the source for the binaries that we ship. Maybe a
README.Source could be added that explains how this can be verified
manually?
2. the package is distributed under the MIT license but our users will
not be able to make use of the freedoms this license is granting
them (specifically, modify the files we ship) using just the tools
in Debian main, instead they need tools outside of Debian. It is
violating the spirit of the DFSG if we are shipping files that our
users are unable to modify.
Both issues would be fixed if opticons would build the fonts from
source.
Thanks!
cheers, josch
More information about the Pkg-fonts-devel
mailing list