libowasp-antisamy-java_1.5.3-1_amd64.changes REJECTED
Matthew Vernon
matthew at debian.org
Fri May 30 09:11:19 UTC 2014
Hi,
On 22/05/14 14:00, Thorsten Alteholz wrote:
> Some js-files are licensed under MIT, GPL or Apache-2. These licenses are
> not mentioned in debian/copyright.
> Please also remove all minified js-files where no sources are provided.
Right, I understand the problem now, and I'd like some advice, please,
before proceeding.
libowasp-antisamy-java (hereafter "antisamy") comes with a test suite,
which we don't use during the build process, as that would involve
creating a policy file just for the build-time tests, and I don't think
that's worth the pain right now.
Part of that test suite is a performance test (
src/test/java/org/owasp/validator/html/test/AntiSamyPerformanceTest.java
) which uses some larger items previously downloaded by upstream from
the internet ( src/test/resources/s ); it's those that contain the
minified js of uncertain license.
I can see 3 ways forward:
i) leave tarball as-is, since the test data aren't used in the build process
ii) rm src/test/resources/s and leave a note in README saying the tests
won't work even if you write a policy file because of the missing data
iii) remove the entire test suite code
What would you prefer? i) has the advantages of leaving the source as
upstream have it in their SVN ; ii) is perhaps the right compromise
option; iii) seems too extreme.
Thanks,
Matthew
More information about the pkg-java-maintainers
mailing list