On Mon, 2008-03-10 at 15:38 +0000, Richard W.M. Jones wrote:
> Ancillary question:
> (5) If it turns out that some files aren't safe to distribute, do I need to remove them from the source tarball, and if so how? Do I have to prepare my own tarball and host it too?
You can do the following:

1. Extract the files from the tarball.
2. Create a shell script which removes the questionable files from the tree.
3. Create a new tarball with an appropriate name (foobar-1.2-nouni.tar.bz2).
4. Replace the old source tarball:
   $ make FILES="foobar-1.2-nouni.tar.bz2" new-sources
5. Add and commit the shell script to CVS.
You can see an example of this in my packaging of drivel, which removes an MD5 implementation that was using the Aladdin Software License. That license is incompatible with the GPL code used in the rest of that software.
http://cvs.fedoraproject.org/viewcvs/rpms/drivel/F-8/?root=pkgs
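
Steps 1 to 3 of the reply above, written as one script. This is an added example, not the script from the drivel package or code from either poster. The names `strip_tarball` and `make_sample`, the `foobar-1.2/src/md5.c` path and the `.tar.gz` sample are constructed for illustration, and GNU tar is assumed for `-a`.

```shell
#!/bin/sh
# Added example: repack a source tarball without the listed files.
# Usage: strip_tarball SRC DST PATH...   (PATHs as listed by `tar -tf SRC`)
strip_tarball() {
    st_src=$1; st_dst=$2; shift 2
    case $st_dst in /*) ;; *) st_dst=$PWD/$st_dst ;; esac
    st_work=$(mktemp -d) || return 1
    st_rc=0
    tar -xf "$st_src" -C "$st_work" || st_rc=1
    for st_p in "$@"; do
        [ "$st_rc" -eq 0 ] || break
        case $st_p in
            /*|*..*) echo "refusing path: $st_p" >&2; st_rc=1 ;;
            *)  # A missing path means upstream's layout changed; stop and review.
                if [ -e "$st_work/$st_p" ]; then rm -rf "$st_work/$st_p"
                else echo "not in tarball: $st_p" >&2; st_rc=1; fi ;;
        esac
    done
    # GNU tar's -a picks the compressor from DST's suffix (.tar.gz, .tar.bz2, ...).
    if [ "$st_rc" -eq 0 ]; then
        (cd "$st_work" && tar -caf "$st_dst" -- *) || st_rc=1
    fi
    # Verify the result: none of the removed paths may still be listed.
    for st_p in "$@"; do
        [ "$st_rc" -eq 0 ] || break
        if tar -tf "$st_dst" | grep -qF -- "$st_p"; then
            echo "still present: $st_p" >&2; st_rc=1
        fi
    done
    rm -rf "$st_work"
    return "$st_rc"
}

# Constructed sample input: a tiny foobar-1.2 tree with one file to strip.
make_sample() {
    mkdir -p "$1/foobar-1.2/src" &&
    echo 'int main(void){return 0;}' > "$1/foobar-1.2/src/main.c" &&
    echo '/* constructed stand-in for the file to remove */' > "$1/foobar-1.2/src/md5.c" &&
    tar -czf "$1/foobar-1.2.tar.gz" -C "$1" foobar-1.2
}

# Demo run on the constructed sample (hypothetical names throughout).
demo_dir=$(mktemp -d)
make_sample "$demo_dir" &&
strip_tarball "$demo_dir/foobar-1.2.tar.gz" "$demo_dir/foobar-1.2-nouni.tar.gz" \
    foobar-1.2/src/md5.c &&
tar -tf "$demo_dir/foobar-1.2-nouni.tar.gz"
```

The script fails when a listed path is missing, so a new upstream release that moves the file is caught at repack time instead of shipping the file unnoticed.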