https://bugzilla.redhat.com/show_bug.cgi?id=2279514 --- Comment #5 from Fabio Valentini <decathorpe@xxxxxxxxx> --- (In reply to Cristian Le from comment #3) > Oh, I must have missed that one when I searched bugzilla. > > So what action do you want for this one, it is only required by `stringprep` > and if it can be decoupled there, than it is also ok. But I don't see it can > be done easily [1]. Yeah, I don't think the dependency can be dropped from stringprep easily. > As for `stringprep` it seems to be used only for `sqlx-mysql` (not really? > don't see it mentioned in code) and `sqlx-postgres` [2] I agree, the dependency seems to be unused in sqlx-mysql. So it's only a dependency in sqlx-postgres. > Otherwise should we continue from #2246779? From what I read, we need to: > - Pull in the patch in: https://github.com/dahosek/finl_unicode/pull/17 I don't think that alone would be enough. The copyright statement in the README is very strange - usually (c) "All Rights Preserved" means that something is not licensed *at all*: https://github.com/dahosek/finl_unicode?tab=readme-ov-file#unicode-copyright-notice The upstream project doesn't seem interested in addressing this issue, so I'm not sure what the best approach would be here. You might want to ask on the "legal" mailing list for help. > - Patch out the resources for benchmark? Doesn't quite make sense since srpm > would still contain the incompatible license files? I guess one option is to > ask them to move the test/benchmark files outside of crate and only in the > workspace? Would that be problematic for them? Option 1: Create a "clean" source tarball without the benchmark data. This would mean not using sources from crates.io directly. see https://github.com/statrs-dev/statrs/issues/195 for a similar issue, and https://src.fedoraproject.org/rpms/rust-fiat-crypto/blob/rawhide/f/gen_clean_tarball.sh or https://src.fedoraproject.org/rpms/rust-statrs/blob/rawhide/f/gen_clean_tarball.sh for possible ways to script creation of "clean" sources. Option 2: Submit a patch to upstream to exclude the offending files from published crates (i.e. with the "package.exclude" setting in Cargo.toml). That's more of a long-term solution, since it would require upstream to merge these changes and publish a new release for them to take effect. However, both of these don't address the Unicode license issue (or lack thereof). If you don't actually need the sqlx-postgres support, I would recommend to avoid packaging finl_unicode, stringprep, and sqlx-postgres for now, and to remove the unused stringprep dependency from sqlx-mysql, and revisit packaging the postgres support when / if the finl_unicode situation is cleared up. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2279514 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202279514%23c5 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
