Thanks for your work on this package. I've identified several policy compliance issues that should be addressed before the package is uploaded to the archive.
Missing documentation: test/kurt-tokens.txt is a large (11k+ lines) test oracle file that contains a tokenized LGPL-3.0+ copyright and license header (lines 2-32). This file is entirely undocumented in debian/copyright, which is a significant documentation gap for a file carrying a secondary license. Verbatim accuracy: The wildcard "Files: *" entry in debian/copyright lists "2012 - 2017". However, the main library code (BSD-3-Clause) only dates back to 2017. The 2012 date belongs exclusively to the LGPL-licensed kurt test files. Mixing these in the main entry is inaccurate and misrepresents the main project's history. Secondary license presence: test/__snapshots__/test.js.snap contains verbatim LGPL-3.0+ license text as part of its snapshot data. While this is generated data, it confirms the presence of LGPL-licensed content that isn't fully acknowledged in the current copyright file. -rt Further information may be found at: https://dfsg-new-queue.debian.org/reviews/node-moo Regards, Reinhard Tartler Member of the DFSG, Licensing & New Packages Team === Please feel free to respond to this email if you don't understand why your files were rejected, or if you upload new files which address our concerns.
pgpvpNrRuYXBq.pgp
Description: PGP signature
-- Pkg-javascript-devel mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
