[Pkg-electronics-devel] DFSG NEW review of 'arduino-cli' package

Thu Feb 19 19:20:29 GMT 2026

Hi,

Thank you Matthias for forwarding it to me.

On 19/02/2026 19:46, Matthias Geiger wrote:
> On Thu, 19 Feb 2026 10:35, Andrew McMillan <andrew at mcmillan.net.nz> wrote:
>> Hi,
>>
>> The licensing here looks... complicated.  Is that fair?
>>
>> https://dfsg-new-queue.debian.org/reviews/arduino-cli
>>
>> I've started to go through these things, I've found a few Authors that
>> perhaps were missed?

If you are talking about the "Search for authors" section of your notes, 
then the authors that are missing from d/copyright are false positive. 
They come from "library index" test files. These are snapshot of the 
"arduino library index", so they contain for each arduino library that 
you can download with arduino-cli their associated author and copyright 
statement. It does not cover any of the files in this tarball.

See:
$ grep -E -i "Jack Christensen|Lee Leahy|\(c\).*Microsoft" 
--files-with-matches -r .
./internal/arduino/libraries/librariesindex/testdata/library_index.json
./commands/testdata/libraries/full/library_index.json

>> There's a whole 3M hidden folder called
>> ".licenses" which suggests theres's already been a whole lot of due
>> diligence about this in the past.

This is a folder used by upstream maintainers to asses their 
dependencies, which are all packaged independently in Debian, so their 
copyright information is stored there.
This is why I added this folder to ignored in debian/lrc.config, to 
prevent false positives.
Maybe it should be removed from the orig tarball?

>> I see a few lines where licenserecon finds some differences in the
>> licenses in the code to what is stated in debian/copyright.

This appears to be because licenserecon does not support Files patterns 
that contain multiple wildcards. I noticed this when working on the 
copyright file, so I verified that it was allowed by the spec [1], and 
didn't find anything that would forbid the use of multiple wildcards by 
pattern, so I considered it to be a lrc bug.

I can rewrite these patterns if needed, I will simply have to add more 
of them.

[1]: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

>> However I suspect you've already gone through all this in some
>> detail...
>>
>> Has the review found anything you missed, or do you have more
>> background for me that I should know before signing off on this?
> 
> Hi Andrew,
> 
> thanks for reaching out. I've put Nicholas in CC since they wrote the 
> majority of d/copyright. I reviewed it and sponsored it, so it LGTM.
> I'll let them comment further, since I only wrote the first rough draft.
> 
> best,
> 
> werdahias
> 

-- 
Nicolas Peugnet