Hi, I've taken a look at this package as found at https://salsa.debian.org/debian/publicfile/-/tree/debian/0.52-13?ref_type=tags and wanted to share my thoughts on it with you:
nothing in the source code contains any copyright statement. I do see that https://cr.yp.to/distributors.html places publicfile 0.5.2 with the sha256 checksum 3f9fcf737bfe48910812cc357a31bf1f2e3da2490dbd175ce535830f251c08ef into the public domain, and I wish that was clearly visible in the tarball. In debian/copyright, I see a statement to debian/patches/errno.patch that attributes the copyright to [email protected]. I see two issues with that: a) you cannot assign a copyright to an email address. It needs to be a person or similar b) the comment below then claims that this patch wasn't subject to copyright law. That's a bold statement and unlikely to be true given how many jurisdictions we have on this planet. Please ask the original author(s) of the patch about the licensing terms, and suggest public domain. Do copy their response in debian/copyright as appropriate. I would recommend to REJECT this package until the licencing terms of the patches are clarified. On a personal note? Do you expect further updates and releases of publicfile? How frequently do you expect them to happen, and what licensing terms do you expect them to be placed on? best, -rt
