[pkg-php-pear] Bug#934104: Bug#934104: composer: Don't use debian/copyright for LICENSE when generating autoloader
Kunal Mehta
legoktm at debian.org
Mon Aug 12 10:02:28 BST 2019
Hi,
On 8/7/19 3:26 PM, David Prévot wrote:
>> First, vendor/ directories are no longer identical with people who use an
>> upstream version of composer or from a different distribution (example:
>> https://gerrit.wikimedia.org/r/#/c/mediawiki/vendor/+/526262/1/composer/LICENSE).
>
> Why is that a problem?
It causes divergence on the output of vendor/ simply based on how
composer was installed and decreases reproducibility. In cases where the
output of vendor/ is audited (like we do at Wikimedia), this is much
more noticeable.
> ...
> I’ve updated the package to provide the upstream LICENSE file from
> /usr/share/php/data/Composer, so both issues should be fixed after the
> next upload, thanks.
Thank you very much!
-- Kunal
More information about the pkg-php-pear
mailing list