Il 11/03/23 14:58, Petr Menšík ha scritto: > Hi! > > I own htdig package, which got recently discovered license issue with > bundled libdb version ~3.x [1]. I think the only reason it is still in > Fedora is that just compiled for years back. I doubt anyone is using it > at the moment and I have never used it myself. I just inherited it when > joined Red Hat and just once fixed FTBFS bug, otherwise there weren't > been any feedback to it for years. > > It uses undeclared libdb copy with Sleepycat license, which were > declared incompatible for Fedora [2]. I don't want to invest time to > make it compile with alternative database, because I don't think time > spent on it is worth it. If anyone would like to maintain and solve > those issues, send me a mail. I am happy to give it to anyone else. > Upstream is long dead though. > > Is it enough if I orphan that package? Is there any guidance where > existing package is found to have licensing problem, how should it be > solved? Should something be done to the stable branches also? Should it > be retired from all stable branches as well? How should I proceed in > this case? > > Best Regards, > Petr > My memory suggests that for this kind of trouble not only the package has to be retired in stable branches too, but the offending sources must also be deleted from lookaside cache to prevent being distributed by Fedora. However, I can't find anymore where this was written... Mattia _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
