Bug#676164: UUID-0.04 marked "UNAUTHORIZED RELEASE" on CPAN

Mon Jun 18 11:38:47 UTC 2012

On Sun, Jun 17, 2012 at 10:40:21PM -0400, Jonathan Yu wrote:
> I spent a few spare cycles to do a quick investigation. The good news is that
> it looks like your instincts were correct. However, in summary, I would suggest
> a removal of the UUID module from Debian if possible. The full diff between
> UUID-0.02/UUID-0.04 is small, so it is pasted at the bottom of this message.

I don't see the need for the removal of a package which, altough old-fashioned,
works without problems, doesn't have RC bugs and hasn't required maintainance
for a long time.

> 2. No license or copyright information exists in UUID 0.02:

You probably missed the comment in the copyright file of the libuuid-perl
package...

> 3. Last upload of the UUID module (version 0.02) was in 2001; the packaging
> style seems to be of quite an old vintage. There are serious outstanding bugs
> on the RT (not installable on CentOS) that do not have replies from the package
> maintainer. This means that Debian is effectively the maintainer (there is no
> upstream), which would certainly put greater load on the pkg-perl team than
> desired.

I see two entries in the RT queue of UUID, which are in practice the same bug
(i.e. cannot build on CentOS) which IMO is caused by the fact that the reporters
haven't installed uuid-dev (or whatever it is called on CentOS). I can build it
with no problems here, so I don't see how we are affected.

As for the abandoned state, yes it's unfortunate, but given the lack of problems
I don't see why worry. Also, AFAICT the whole UUID distribution is no more than
100 lines of XS/Perl code which tightly wrap the libuuid API: nothing that can't
be handled IMO.

> 5. The UUID 0.04 doesn't add much over UUID 0.02 - it seems the only notable
> change is the addition of licensing information which isn't actually legal
> (since the authors that added that license do not appear to be copyright
> holders).

Agreed, there's no need to package the 0.04 (if legal at all).

Anyway, has anyone tried to contact the original author? As a last resort, one
can also try to contact the PAUSE admins to see if they are willing to grant
co-maintainership of UUID to someone else (see PAUSE docs [0]).

Cheers

[0] http://pause.perl.org/pause/query?ACTION=pause_04about#takeover

-- 
perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20120618/d1171fe1/attachment.pgp>