Bug#956276: Bug#953487: fixed in runescape 0.7-1
Markus Koschany
apo at debian.org
Fri Apr 10 10:27:04 BST 2020
I suggest we wait a little for a response from
non-free at buildd.debian.org before we make another upload. However if
there is no response in two weeks, we can just proceed by making a
binary upload of runescape.
Bug #956275 can be resolved by replacing the runescape.png icon. The
license is most likely not BSD-2-clause. You should either document the
correct license, the image must be distributable at least, or you can
create or find your own icon. For instance you could create an image the
same size with a black, red or blue background and then you add the R S
initials in white. Simple icon, easily done.
Bug #956276 is about an additional verification step, e.g. to verify the
integrity of the launcher with a hashsum. You could store the value in a
text file in our Git repository and then fetch the value and compare it
with the hashsum of the binary before you run the java command. By
storing the value in Git we can adjust the value whenever there is a new
runescape update without having to make another Debian upload. This
could be especially useful for stable releases. In any case I would try
to avoid to hardcode the value.
I don't consider bug #956276 release critical because there is no Debian
Policy justification for it and there is no more risk involved than
downloading the file with a web browser normally poses, so it should be
treated as a normal or important bug. What you can and should do is to
improve the package description. It should be clear that src:runescape
is a mere script that downloads and runs the runescape launcher and that
Debian cannot guarantee the integrity of this binary file because it is
non-free and it is closed source. So simply warn about that in the
package description and when your script is executed. The warning
message could be displayed in a text terminal or you could use zenity to
make it more user friendly and obvious.
Regards,
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-games-devel/attachments/20200410/e054cdcf/attachment-0005.sig>
More information about the Pkg-games-devel
mailing list