On Fri, Nov 14, 2025 at 5:53 PM Mario Limonciello <[email protected]> wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Mario Limonciello <[email protected]>
> X-Debbugs-Cc: [email protected]
>
> * Package name    : lemonade
>   Version         : 9.0.2
>   Upstream Contact: Jeremy Fowers <[email protected]>
> * URL             : https://lemonade-server.ai/
> * License         : Apache2
>   Programming Lang: Python
>   Description     : Local LLM Serving with GPU and NPU acceleration
>
> Lemonade helps users run local LLMs with the highest performance by
> configuring state-of-the-art inference engines for their NPUs and GPUs.
>
> There is a variety of support with different models and backends advertised
> on https://lemonade-server.ai/.
>
> As we gain support for other related packages like transformers,
> huggingfacehub and llama.cpp it will act as a layer for users to easily
> access models.
>
> I plan to maintain it myself initially, but may talk to the Debian
> deep learning team about moving it there later.

Hi Mario,

This is meant as an intent-to-reject, see
https://dfsg-new-queue.debian.org/reviews/lemonade for the full conversation.
I'm writing this mail in the interest of transparency and to engage in a more
visible conversation about this package.

I believe the lemonade package is currently UNACCEPTABLE for inclusion in any
section of the Debian archive (main, contrib, or non-free).

1. Runtime Download of Executable Binaries

The most critical blocker is the implementation of the "Backend Manager" in
src/cpp/server/backends/backend_utils.cpp. The software contains logic to
automatically download, extract, and execute pre-compiled binaries from GitHub
(specifically from github.com/ggml-org/ and github.com/lemonade-sdk/).

Policy Violation: Debian requires all software to be built from source within
the Debian infrastructure to ensure auditability and security.

Security Risk: The BackendUtils::install_from_github function fetches
executables (llama-server, whisper-server, etc.) at runtime. This bypasses APT,
prevents security patching by the Debian Security Team, and introduces a
significant attack vector (remote execution of untrusted third-party binaries).

2. Copyright and Licensing Failures

The debian/copyright file is incomplete and contains factual inaccuracies:

License Incompatibility and Mislabeling: The file
src/cpp/include/lemon/amdxdna_accel.h is licensed under GPL-2.0 WITH
Linux-syscall-note, but debian/copyright incorrectly labels it (via a wildcard)
as Apache-2.0. Apache-2.0 is generally considered incompatible with GPL-2.0.
While the Linux-syscall-note exception is designed to allow linking with
userspace, misrepresenting the license of a core header file is a critical
failure in the copyright review process.

Missing Attributions: The vendored ixwebsocket library (included in
debian/ixwebsocket) contains code from numerous authors not listed in
debian/copyright (e.g., Alex Hultman, Bjoern Hoehrmann, Salvatore Sanfilippo).

Inaccurate Claims: debian/copyright attributes IXBase64.h to Machine Zone,
Inc., but the file header clearly states Copyright (c) 2016 tomykaira.

Wildcard Over-reach: The Files: * declaration claiming Apache-2.0 for the
entire tree is invalidated by the presence of GPL-2.0, MIT, ISC, and
BSD-3-Clause files throughout the src/ and debian/ directories that are not
properly scoped.

3. Missing Source for Generated Files (DFSG 2)

The source tarball contains several Windows-specific bitmap files used for
installers:

  src/cpp/installer/installer_banner_wix.bmp
  src/cpp/installer/top_banner.bmp

These files are provided without their "preferred form for modification"
(e.g., GIMP/Photoshop source files or SVG templates). Under DFSG 2, every
component of the source package must include its source code. These are
currently "sourceless blobs".

--
regards,
Reinhard
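The wildcard and mislabeling findings above are the kind of thing a reviewer can check mechanically before filing: compare the license each DEP-5 Files stanza claims for a path against the SPDX-License-Identifier header actually present in the file. The script below is an added example, not part of this thread or of the lemonade package; the debian/copyright text and the file headers in it are constructed samples (the licenses assigned to them are illustrative, not a claim about the real files), and only single-line Files fields are handled.

```python
import fnmatch
import re

# Constructed DEP-5 debian/copyright sample: a catch-all Apache-2.0 stanza
# plus one narrower stanza for the vendored ixwebsocket tree.
SAMPLE_COPYRIGHT = """\
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: example

Files: *
Copyright: 2025 Example Upstream
License: Apache-2.0

Files: debian/ixwebsocket/*
Copyright: Machine Zone, Inc.
License: BSD-3-Clause
"""

# Constructed source tree: path -> first lines of the file. SPDX headers are
# illustrative samples, not the real contents of these files.
SAMPLE_TREE = {
    "src/cpp/server/main.cpp": "// SPDX-License-Identifier: Apache-2.0\n",
    "src/cpp/include/lemon/amdxdna_accel.h":
        "/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */\n",
    "debian/ixwebsocket/IXBase64.h": "// SPDX-License-Identifier: MIT\n",
    "src/cpp/installer/top_banner.bmp": "",  # binary blob, no header to read
}

SPDX_RE = re.compile(r"SPDX-License-Identifier:\s*([^*/\n]+)")

def parse_dep5(text):
    """Return (files-pattern, license) pairs from each Files stanza, in file order."""
    pairs = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(re.findall(r"^([A-Za-z-]+):\s*(.*)$", block, re.M))
        if "Files" in fields and "License" in fields:
            for pattern in fields["Files"].split():
                pairs.append((pattern, fields["License"].strip()))
    return pairs

def declared_license(path, pairs):
    """DEP-5 semantics: the last matching Files stanza wins; '*' spans '/'."""
    winner = None
    for pattern, lic in pairs:
        if fnmatch.fnmatch(path, pattern):
            winner = lic
    return winner

def find_mismatches(copyright_text, tree):
    """List (path, declared, actual) where the header disagrees with debian/copyright."""
    pairs = parse_dep5(copyright_text)
    problems = []
    for path, head in tree.items():
        match = SPDX_RE.search(head)
        if match is None:
            continue  # no machine-readable header; needs manual review instead
        actual = match.group(1).strip()
        declared = declared_license(path, pairs)
        if actual != declared:
            problems.append((path, declared, actual))
    return problems
```

Files without an SPDX header (binaries, or sources with only a free-text notice) are skipped rather than reported, so the output is a lower bound on what the manual review has to cover.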

