https://bugzilla.redhat.com/show_bug.cgi?id=2257948 --- Comment #7 from Fabio Valentini <decathorpe@xxxxxxxxx> --- That sounds good to me, however you will still need to verify that the vendor tarball contains only permissible content: see point 2 in my previous comment https://bugzilla.redhat.com/show_bug.cgi?id=2257948#c3 This will likely require at least some amount of modifying and / or patching the sources of some vendored dependencies, similar to what we do in the Fedora package for the fiat-crypto crate. I have not done a complete audit of the vendor tarball though, so there is likely other stuff that would need to be cleaned up for legal reasons. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2257948 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202257948%23c7 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
