[Pkg-electronics-devel] DFSG NEW review of 'arduino-cli' package
Andrew McMillan
andrew at mcmillan.net.nz
Thu Feb 19 21:27:52 GMT 2026
All of this makes sense to me. I've accepted now.
Perhaps you could file a bug against licenserecon highlighting the
issue with lrc?
Thanks,
Andrew.
On Thu, 2026-02-19 at 20:20 +0100, Nicolas Peugnet wrote:
> Hi,
>
> Thank you Matthias for forwarding it to me.
>
> On 19/02/2026 19:46, Matthias Geiger wrote:
> > On Thu, 19 Feb 2026 10:35, Andrew McMillan <andrew at mcmillan.net.nz>
> > wrote:
> > > Hi,
> > >
> > > The licensing here looks... complicated. Is that fair?
> > >
> > > https://dfsg-new-queue.debian.org/reviews/arduino-cli
> > >
> > > I've started to go through these things, I've found a few Authors
> > > that
> > > perhaps were missed?
>
> If you are talking about the "Search for authors" section of your
> notes,
> then the authors that are missing from d/copyright are false
> positive.
> They come from "library index" test files. These are snapshot of the
> "arduino library index", so they contain for each arduino library
> that
> you can download with arduino-cli their associated author and
> copyright
> statement. It does not cover any of the files in this tarball.
>
> See:
> $ grep -E -i "Jack Christensen|Lee Leahy|\(c\).*Microsoft"
> --files-with-matches -r .
> ./internal/arduino/libraries/librariesindex/testdata/library_index.js
> on
> ./commands/testdata/libraries/full/library_index.json
>
> > > There's a whole 3M hidden folder called
> > > ".licenses" which suggests theres's already been a whole lot of
> > > due
> > > diligence about this in the past.
>
> This is a folder used by upstream maintainers to asses their
> dependencies, which are all packaged independently in Debian, so
> their
> copyright information is stored there.
> This is why I added this folder to ignored in debian/lrc.config, to
> prevent false positives.
> Maybe it should be removed from the orig tarball?
>
> > > I see a few lines where licenserecon finds some differences in
> > > the
> > > licenses in the code to what is stated in debian/copyright.
>
> This appears to be because licenserecon does not support Files
> patterns
> that contain multiple wildcards. I noticed this when working on the
> copyright file, so I verified that it was allowed by the spec [1],
> and
> didn't find anything that would forbid the use of multiple wildcards
> by
> pattern, so I considered it to be a lrc bug.
>
> I can rewrite these patterns if needed, I will simply have to add
> more
> of them.
>
> [1]:
> https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
>
> > > However I suspect you've already gone through all this in some
> > > detail...
> > >
> > > Has the review found anything you missed, or do you have more
> > > background for me that I should know before signing off on this?
> >
> > Hi Andrew,
> >
> > thanks for reaching out. I've put Nicholas in CC since they wrote
> > the
> > majority of d/copyright. I reviewed it and sponsored it, so it
> > LGTM.
> > I'll let them comment further, since I only wrote the first rough
> > draft.
> >
> > best,
> >
> > werdahias
> >
>
> --
> Nicolas Peugnet
--
----------------------------------------------------------------------
Porirua, New Zealand +64 (27) 288 6741
Flexibility is overrated. Constraints are liberating.
----------------------------------------------------------------------
More information about the Pkg-electronics-devel
mailing list