[Pkg-fonts-devel] Bug#883107: octicons: Ships binaries without building them

[Ben Finney]

On 29-Nov-2017, Johannes Schauer wrote:
> Source: octicons
> Version: 4.4.0-1
> Severity: serious

The justification for this bug severity as “serious” is, IMO, that it
constitutes a violation of Policy §2.2.1:

    […] the packages in ‘main’ […] must not require or recommend a
    package outside of main for compilation or execution […]

This package has an undeclared build dependency: the compiler for its
font files.

That the package successfully builds is because that undeclared
dependency is circumvented, by including the non-source form of the
work in the source package. (Whether this violates Policy §4.13 is a
different matter.)

So, this bug should be resolved by:

* Removing the package until its true build dependencies (including
  the build dependency to compile the fonts from source) are all in
  Debian.

* Working with others to get those build dependencies into Debian.

* Updating the package build rules to build the packages from the
  actual source.

-- 
 \         “All my life I've had one dream: to achieve my many goals.” |
  `\                                            —Homer, _The Simpsons_ |
_o__)                                                                  |
Ben Finney <bignose at debian.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-fonts-devel/attachments/20171130/848a6884/attachment.sig>