Source: sqlite3 Severity: serious Dear Maintainer,
The license file[0] of src:sqlite3 states that the debian/* files are licensed under GPLv2+. Which means that the debian specific patches are applied as GPLv2+, which in turn may convert the whole package into GNU GPLv2+. This may make the libraries (libsqlite3, and so on) too to be licensed under GNU GPLv2+, and thus every library and package linked to it to be too licensed under GNU GPLv2+ (or even GNU GPLv3+). Right now, the patches are so small to have any legal issues with it (I hope), but it would be better to let the patches have the same license as the file to which it is applied. It is okay to have debian/* to GPLv2+ license (I myself am happy to see more GNU GPL packages), but debian/patches/* should follow the package license. This may cause unintended harms to people who are giving commercial support to their own application AND the Debian (or Derivatives) installation. I didn't find such a suggestion in debian policy. Or am I wrong? Thanks [0] http://metadata.ftp-master.debian.org/changelogs/main/s/sqlite3/unstable_copyright -- System Information: Debian Release: 9.0 APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- no debconf information