[Pkg-sssd-devel] ding-libs_0.7.0-1~exp1_amd64.changes REJECTED

[Simon Josefsson]

Thank you!  I made another upload.

I added licenserecon to Salsa and fixed some issues related to this,
including the refarray/ref_array.c which was a real problem that
upstream fixed for 0.7.0 that I missed.

For the lintian signature complaint, this seems like a corner case and a
false positive in lintian.  The 'ding-libs' package uses upstream git as
the source, not the upstream (signed) tarballs that embed several
vendored/generated files which are a supply-chain concern to review.
But debian/upstream/signing-key.asc is used by debian/watch 'Pgpmode:
gittag' to verify the PGP git tag.  I think lintian should not trigger
the warning when gittag PGP mode is used, and will report separately.

/Simon

FWIW, upstream still has some license confusion --
https://github.com/SSSD/ding-libs/issues/36 -- but at least now I hope
debian/copyright accurately reflect what upstream source code says.

Andrew McMillan <awm at debian.org> writes:

> Please add coverage of refarray/ref_array.c in debian/copyright, also please
> arrange for upstream signature as outlined in the lintian report.
>
> Thanks!
>
> Further information may be found at:
>    https://dfsg-new-queue.debian.org/reviews/ding-libs
>
> Regards, Andrew McMillan
> Member of the DFSG, Licensing & New Packages Team
>
>
>
> ===
>
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
>
> _______________________________________________
> Pkg-sssd-devel mailing list
> Pkg-sssd-devel at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-sssd-devel
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1251 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-sssd-devel/attachments/20260307/1462c6b8/attachment-0001.sig>