Windows binary included in readpe with no source #210
Comments
davidpolverari
changed the title
|
Thank you for bringing this to my notice. I take this very seriously. When I approved the merge request I already had a bad feeling but I had made sure to find out where the file was from and I thought I also checked the license. I removed the file from the repository and it's history and remade the release. Once again: This is very serious and I really dropped the ball here. I'm sorry. |
|
Don't worry. We all know how managing open source projects is not an easy task, and it is another one we put upon ourselves in addition to our day jobs and other responsibilities. Sometimes those things happen to all of us. Most important is the way we handle it once we know. You're always doing a good job! PS: I will try to package the new version on Debian as soon as I have time. |
|
@GoGoOtaku maybe host the test file somewhere and have the test script download it if it's not present locally? Not sure if that would be a good practice though. |
|
I just added a new executable that I build using MinGW. It's less than 50KB which is about what a larger source file can be. |
Describe the bug
While I was packaging the latest readpe version for Debian, I realized the file support_files/samples/hh6d.golden.exe, which was added as a sample "hello world" binary for tests, comes with no corresponding source, nor a build system to generate it.
From the Debian standpoint, this is a violation of its free software guidelines. I could repackage upstream sources without the binary to comply with DFSG, but this would not be the best solution, as tests would not be run.
Besides, from a little bit of research, it seems that the binary comes from the pts-tinype repo. By perusing the files over there, I noticed there was no license in any of the files. This makes its inclusion even in readpe somewhat concerning from a legal standpoint.
To Reproduce
Please provide us with:
The text was updated successfully, but these errors were encountered: