https://bugzilla.redhat.com/show_bug.cgi?id=2257948 --- Comment #9 from Daniel Mellado <dmellado@xxxxxxxxxx> --- (In reply to Fabio Valentini from comment #7) > That sounds good to me, however you will still need to verify that the > vendor tarball contains only permissible content: see point 2 in my previous > comment https://bugzilla.redhat.com/show_bug.cgi?id=2257948#c3 > > This will likely require at least some amount of modifying and / or patching > the sources of some vendored dependencies, similar to what we do in the > Fedora package for the fiat-crypto crate. I have not done a complete audit > of the vendor tarball though, so there is likely other stuff that would need > to be cleaned up for legal reasons. Thanks, that make sense, we'll take a look at that crate but, are there any specific guidelines for this audit to be done? -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2257948 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202257948%23c9 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
