Bug#828088: licensecheck invokes find with -follow
Dominique Dumont
dod at debian.org
Sun Jun 26 14:02:01 UTC 2016
On Friday 24 June 2016 22:51:56 Sandro Mani wrote:
> I think [-follow] should be removed, for
> three reasons. Reason 1: self loops like the one in giac make find, and
> therefore licensecheck, fail. Reason 2: symlinks can point anywhere. Do
> you really want to let licensecheck run over arbitrary parts of the
> filesystem? Reason 3: every file in a package *should* be reachable
> without traversing symlinks at all. (If fedora-review doesn't have a check
> for that, it probably should.)
I agree with point 2 above.
A symlinks either points:
- inside the scanned package and the file will be found by find with another
path (furthermote, using -follow may lead to duplicate results)
- a symlink points in another package and it license should be covered by
the license description of the other package.
The commit [1] that added -follow with the scan directory feature does not
mention any specific reason to use -follow option.
All in all, I think -follow option should be removed.
Thoughts ?
All the best
[1] https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=ffd90771b2a4ebd22bc3e27d2415112fbc506571
--
https://github.com/dod38fr/ -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/ -o- irc: dod at irc.debian.org
More information about the devscripts-devel
mailing list