[pkg-go] Comments regarding libpod_2.1.1+dfsg1-1_multi.changes

Joerg Jaspert ftpmaster at ftp-master.debian.org
Sun Dec 6 21:03:31 GMT 2020 

Hi Maintainer,

the following are comments from a review one ftp trainee has done on
your package. While I will accept your package (nothing warrants a
reject), please fix them in your next upload.

Comments
========

[ d/c : debian/copyright ]

- d/c contains

  Files: pkg/util/camelcase/*
  Copyright:
      2016-2019 Red Hat, Inc.
   2015, Fatih Arslan
  License: Apache-2.0 or Expat

  Files: pkg/util/camelcase/README.md
    pkg/util/camelcase/camelcase.go
  Copyright:
      2016-2019 Red Hat, Inc.
  License: Apache-2.0

 However, I only see this in file pkg\util\camelcase\LICENSE.md:

  MIT, Copyright (c) 2015 Fatih Arslan
  cannot see any Copyright to RedHat. Nor in the other files of this directory.

/ *********
- podman-2.1.1\vendor\github.com\gorilla\schema\cache.go has license MIT ( the
  license file mentions Copyright (c) 2012 Rodrigo Moraes) and
  Copyright 2012 The Gorilla Authors. All rights reserved., but d/c mentions:
  License: Apache-2.0
*********/

- File: vendor/github.com/nxadm/tail/ratelimiter/Licence has bad transcription
  of copyright owner.

- Why is the d/c saying this:

  Files: vendor/github.com/nxadm/tail/ratelimiter/*
  Copyright:
  2016-2019 Red Hat, Inc.
  License: Apache-2.0

  if the podman-2.1.1\vendor\github.com\nxadm\tail\ratelimiter\Licence says:

  Copyright (C) 2013 99designs and has a BSD-like license text ?

- podman-2.1.1\vendor\github.com\nxadm\tail\watch\filechanges.go has not
  copyright/license notice and the directory has no License file, but d/c
  mentions:

  Files: vendor/github.com/nxadm/tail/watch/*
  Copyright: 2015, HPE Software Inc.
    2013, ActiveState Software Inc.
  License: Apache-2.0

  and then d/c mentions:

  Files: vendor/github.com/nxadm/tail/watch/filechanges.go
  Copyright:
      2016-2019 Red Hat, Inc.
  License: Apache-2.0

  How do they actually know that this single file is actually copyright Red Hat
  licensed Apache-2.0 ?
l
- Analogous for podman-2.1.1\vendor\github.com\nxadm\tail\winfile\winfile.go.

- The whole podman-2.1.1\vendor\github.com\uber\jaeger-client-go\thrift\
  directory seems Licensed to the Apache Software Foundation (ASF) but nothing
  shows up in d/c. And there is no NOTICE file in this directory, while the
  paragraph says: See the NOTICE file...

- Files: vendor/github.com/varlink/*
  Copyright: 2018-2019 The varlink authors and/or their companies
  License: Apache-2.0

  What is the use of such copyright if the authors are listed nowhere ?

- podman-2.1.1\vendor\github.com\willf\bitset\LICENSE says BSD-3-clause license
  and nothing else, but d/c says:

  License: Apache-2.0 or BSD-3-clause

- In d/c, they say:
    Files: vendor/github.com/willf/bitset/Makefile
      vendor/github.com/willf/bitset/README.md
      vendor/github.com/willf/bitset/bitset.go
      vendor/github.com/willf/bitset/popcnt.go
      vendor/github.com/willf/bitset/popcnt_19.go
      vendor/github.com/willf/bitset/popcnt_amd64.go
      vendor/github.com/willf/bitset/popcnt_generic.go
      vendor/github.com/willf/bitset/trailing_zeros_18.go
      vendor/github.com/willf/bitset/trailing_zeros_19.go
    Copyright:
        2016-2019 Red Hat, Inc.
    License: Apache-2.0

  but I do not understand how they conclude to that copyright and licence, as
  the previous point mentions BSD-3-clause license and copyright to 2014 Will Fitzgerald.

- podman-2.1.1\vendor\go.etcd.io\bbolt\LICENSE mentions:

  The MIT License (MIT) and Copyright (c) 2013 Ben Johnson.

  but the d/c says:

    Files: vendor/go.etcd.io/bbolt/Makefile
      vendor/go.etcd.io/bbolt/README.md
      vendor/go.etcd.io/bbolt/bolt_386.go
      vendor/go.etcd.io/bbolt/bolt_amd64.go
      vendor/go.etcd.io/bbolt/bolt_arm.go
      [snip]
      vendor/go.etcd.io/bbolt/tx.go
      vendor/go.etcd.io/bbolt/unsafe.go
    Copyright:
        2016-2019 Red Hat, Inc.
    License: Apache-2.0

  I do not understand how they can say this.

- podman-2.1.1\vendor\go.mozilla.org\pkcs7\LICENSE says:

  The MIT License (MIT)  Copyright (c) 2015 Andrew Smith

  but d/c says:

    Files: vendor/go.mozilla.org/*
    Copyright:
        2016-2019 Red Hat, Inc.
     2015, Andrew Smith
    License: Apache-2.0 or Expat

    Files: vendor/go.mozilla.org/pkcs7/Makefile
      vendor/go.mozilla.org/pkcs7/README.md
      vendor/go.mozilla.org/pkcs7/ber.go
      vendor/go.mozilla.org/pkcs7/decrypt.go
      vendor/go.mozilla.org/pkcs7/encrypt.go
      vendor/go.mozilla.org/pkcs7/go.mod
      vendor/go.mozilla.org/pkcs7/pkcs7.go
      vendor/go.mozilla.org/pkcs7/sign.go
      vendor/go.mozilla.org/pkcs7/verify.go
    Copyright:
        2016-2019 Red Hat, Inc.
    License: Apache-2.0

  How can they say that ?

- d/c mentions:

    Files: vendor/google.golang.org/protobuf/AUTHORS
    Copyright: purposes.
    License: Apache-2.0

  There is nothing like purposes in this file. Is this an automated d/c or what?

/ *******

- podman-2.1.1\vendor\google.golang.org\protobuf\LICENSE is BSD-3-Clause-like
  and that license seems to govern the contents of the protobuf directory, but

  d/c says:

 Files: vendor/google.golang.org/protobuf/encoding/*
 Copyright: 2009, 2018-2020, The Go Authors.
 License: Apache-2.0

 Same for all the other protobuf stanzas in d/c.

******** /

- podman-2.1.1\vendor\k8s.io\apimachinery\third_party\forked\golang\netutil\addr.go
  has no copyright notice nor license and it is not clear what these
  might be.

--
bye Joerg

More information about the Pkg-go-maintainers mailing list