[Pkg-javascript-devel] node-moo_0.5.2-1_amd64.changes REJECTED
Joe Nahmias
joe at nahmias.net
Tue Jun 2 05:11:31 BST 2026
On Tue, Jun 02, 2026 at 01:00:08AM +0000, Reinhard Tartler wrote:
>
> Thanks for your work on this package. I've identified several policy
> compliance issues that should be addressed before the package is
> uploaded to the archive.
>
> Missing documentation: test/kurt-tokens.txt is a large (11k+ lines)
> test oracle file that contains a tokenized LGPL-3.0+ copyright and
> license header (lines 2-32). This file is entirely undocumented in
> debian/copyright, which is a significant documentation gap for a
> file carrying a secondary license.
>
> Verbatim accuracy: The wildcard "Files: *" entry in debian/copyright
> lists "2012 - 2017". However, the main library code (BSD-3-Clause)
> only dates back to 2017. The 2012 date belongs exclusively to the
> LGPL-licensed kurt test files. Mixing these in the main entry is
> inaccurate and misrepresents the main project's history.
>
> Secondary license presence: test/__snapshots__/test.js.snap contains
> verbatim LGPL-3.0+ license text as part of its snapshot data. While
> this is generated data, it confirms the presence of LGPL-licensed
> content that isn't fully acknowledged in the current copyright file.
>
> -rt
>
> Further information may be found at:
> https://dfsg-new-queue.debian.org/reviews/node-moo
>
> Regards, Reinhard Tartler
> Member of the DFSG, Licensing & New Packages Team
>
>
>
> ===
>
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
new version uploaded with fixes to the above.
Thanks
--Joe
More information about the Pkg-javascript-devel
mailing list