https://bugzilla.redhat.com/show_bug.cgi?id=1830220 --- Comment #3 from Lyes Saadi <fedora@xxxxxxx> --- Hello! In this section of the guidelines: https://docs.fedoraproject.org/en-US/packaging-guidelines/#bundling > All packages whose upstreams have no mechanism to build against system > libraries MAY opt to carry bundled libraries, but if they do, they MUST > include an indication of what they bundle. This provides a mechanism for > locating libraries with bundled code which can, for example, assist in > locating packages which may have particular security vulnerabilities. > > To indicate an instance of bundling, first determine the name and version of > the bundled library: > > - If the bundled package also exists separately in the distribution, use the > name of that package. Otherwise consult the Naming Guidelines to determine an > appropriate name for the library as if it were entering the distribution as a > separate package. > > - Use the Versioning Guidelines to determine an appropriate version for the > library, if possible. If the library has been forked from an upstream, use the > upstream version that was most recently merged in or rebased onto, or the version > the original library carried at the time of the fork. > > Then at an appropriate place in your spec, add Provides: bundled(<libname>) = <version> > where <libname> and <version> are the name and version you determined above. If it > was not possible to determine a version, use Provides: bundled(<libname>) instead. > > In addition to indicating bundling in this manner, packages whose upstreams have no > mechanism to build against system libraries must be contacted publicly about a path to > supporting system libraries. If upstream refuses, this must be recorded in the spec file, > either in comments placed adjacent to the Provides: above, or in an additional file > checked into the SCM and referenced by a comment placed adjacent to the Provides: above. So, a "Provide" for each bundled libraries and the addition of the MIT License (tomboykeybinder.c) with a comment indicating the license of each bundled libraries is enough to get the package approved ;)! -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
