[Pkg-javascript-devel] node-moo_0.5.2-1_amd64.changes REJECTED
Reinhard Tartler
siretart at debian.org
Tue Jun 2 02:00:08 BST 2026
Thanks for your work on this package. I've identified several policy
compliance issues that should be addressed before the package is
uploaded to the archive.
Missing documentation: test/kurt-tokens.txt is a large (11k+ lines)
test oracle file that contains a tokenized LGPL-3.0+ copyright and
license header (lines 2-32). This file is entirely undocumented in
debian/copyright, which is a significant documentation gap for a
file carrying a secondary license.
Verbatim accuracy: The wildcard "Files: *" entry in debian/copyright
lists "2012 - 2017". However, the main library code (BSD-3-Clause)
only dates back to 2017. The 2012 date belongs exclusively to the
LGPL-licensed kurt test files. Mixing these in the main entry is
inaccurate and misrepresents the main project's history.
Secondary license presence: test/__snapshots__/test.js.snap contains
verbatim LGPL-3.0+ license text as part of its snapshot data. While
this is generated data, it confirms the presence of LGPL-licensed
content that isn't fully acknowledged in the current copyright file.
-rt
Further information may be found at:
https://dfsg-new-queue.debian.org/reviews/node-moo
Regards, Reinhard Tartler
Member of the DFSG, Licensing & New Packages Team
===
Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20260602/282d39ef/attachment.sig>
More information about the Pkg-javascript-devel
mailing list