This is about the tonto review request, bz 1197471. Here is a bundled library handling BMP graphics files. I request an exception on the ground that there is no working upstream.
The standard questions: - Has the library behaviour been modified? Don't know. There are several links to osbaldeston's library out there, but they seem to be all broken. - Could we make the forked version the canonical version within Fedora? Without looking to deep into this my impression is that this is very old code which shouldn't be used in any new application. - Are the changes useful to consumers other than the bundling application? See above. - Is upstream keeping the base library updated? No, the links to upstream are broken. - What is the attitude of upstream towards bundling? Don't know, see above. Last traces of the author osbaldeston seems to be from around 2008-2009 (?) - security ramifications of bundling? Cannot see any specific problems, this is some graphics code in a regular user application. The tonto jar library could be used in other contexts, but I still cannot see any particular problems(?)
hm... is this to say that the plan is to handle the osbaldeston BMP files in ticket #507? These files are not mentioned in that ticket.
More precise, this is about: - osbaldeston/image/BMP.Java - osbaldeston/io/PCBinaryInputStream.java - osbaldeston/io/PCBinaryOutputStream.java
We discussed this at today's meeting (http://meetbot.fedoraproject.org/fedora-meeting-1/2015-03-05/fpc.2015-03-05-17.00.txt):
Don't forget to speak to upstream/legal.
I guess the proper tag to provide would be:
Provides: bundled(osbaldeston)
We forgot to mention that in the meeting.
Sorry to miss the licensing issue here, I should have spotted it myself. It turns out that the simple solution in this case is to remove the code in a patch. My apologies for taking your time.
Metadata Update from @tibbs: - Issue assigned to james
Log in to comment on this ticket.