Bug#738583: libcglib-java - Uses jarjar without proper copyright or Built-Using
tony mancill
tmancill at debian.org
Tue Feb 11 04:16:10 UTC 2014
On 02/10/2014 12:54 PM, Bastian Blank wrote:
> Package: libcglib-java
> Version: 2.2.2+dfsg-5
> Severity: serious
>
> libcglib-java uses jarjar to incoporate libasm3-java. It does this
> without mentioning the license of the incorporated stuff or even listing
> it as Built-Using.
Hi Bastian,
Thanks for bringing this up. It appears that everything that build
depends on libjarjar-java or libjarjar-maven-plugin-java is likely
suspect for this type of problem.
Instead of Built-Using or updating debian/copyright, it seems preferable
to refactor the source to use the actual libasm3-java JAR, although I
haven't yet looked into how much effort that will require.
Cheers,
tony
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 880 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20140210/094d9cd3/attachment.sig>
More information about the pkg-java-maintainers
mailing list