Source: vde2 Version: 2.3.2+r586-2.2+b1 Severity: serious Justification: Policy ยง12.5
Greetings, during the review of this package in the NEW queue I discovered various issues that are already present in the current unstable version of the package as outlined below. These files are marked in the copyright file as BSD-4-clause, but the files themselves only contain 3 clauses: * src/slirpvde/cksum.c * src/slirpvde/ip.h * src/slirpvde/ip_icmp.c * src/slirpvde/ip_icmp.h * src/slirpvde/ip_input.c * src/slirpvde/ip_output.c * src/slirpvde/mbuf.h * src/slirpvde/misc.c * src/slirpvde/qemu-queue.h * src/slirpvde/tcp.h * src/slirpvde/tcp_input.c * src/slirpvde/tcp_output.c * src/slirpvde/tcp_subr.c * src/slirpvde/tcp_timer.c * src/slirpvde/tcp_timer.h * src/slirpvde/tcp_var.h * src/slirpvde/tcpip.h * src/slirpvde/udp.c * src/slirpvde/udp.h The following authors are not attributed in the copyright file for files that list them as copyright holders. This list is not necessarily exhaustive. Please check every file and make sure all authors in the files are attributed in debian/copyright. 2002 Yon Uriarte, Jeff Dike: * README 2014 Renzo Davoli, Alessandro Ghedini VirtualSquare: * src/vde_vxlan/plug.h 2001,2002 Jeff Dike: * src/kvde_switch/consmgmt.h * src/kvde_switch/datasock.h * src/kvde_switch/kvde_switch.c * src/vde_switch/consmgmt.h * src/vde_switch/datasock.h * src/vde_switch/fstp.h * src/vde_switch/hash.c * src/vde_switch/hash.h * src/vde_switch/port.c * src/vde_switch/port.h * src/vde_switch/switch.h * src/vde_switch/tuntap.h * src/vde_switch/vde_switch.c * src/vde_tunctl.c * src/vde_tunctl.c 2004 Mattia Belletti: * src/kvde_switch/consmgmt.c * src/kvde_switch/datasock.c * src/kvde_switch/sockutils.c * src/kvde_switch/sockutils.h * src/vde_switch/consmgmt.c * src/vde_switch/datasock.c * src/vde_switch/sockutils.c * src/vde_switch/sockutils.h * src/vde_switch/tuntap.c * src/vde_switch/vde_switch.c 2007 Luca Bigliardi: * include/cmdparse.h * include/libvdemgmt.h * src/common/cmdparse.c * src/lib/libvdemgmt.c * src/lib/libvdesnmp.c * src/unixcmd.c * src/vde_pcapplug.c 2006-2011 Daniele Lacamera: * src/lib/python/VdePlug.py * src/lib/python/vdeplug_python.c * src/vde_cryptcab/crc32.c * src/vde_cryptcab/crc32.h * src/vde_cryptcab/cryptcab.c * src/vde_cryptcab/cryptcab.h * src/vde_cryptcab/vde_cryptcab_client.c * src/vde_cryptcab/vde_cryptcab_server.c * src/vde_l3/vde_buff.h * src/vde_l3/vde_l3.c * src/vde_router/vde_headers.h * src/vde_router/vde_router.c * src/vde_router/vde_router.h * src/vde_router/vder_arp.c * src/vde_router/vder_arp.h * src/vde_router/vder_datalink.c * src/vde_router/vder_datalink.h * src/vde_router/vder_icmp.c * src/vde_router/vder_icmp.h * src/vde_router/vder_olsr.c * src/vde_router/vder_packet.c * src/vde_router/vder_packet.h * src/vde_router/vder_queue.c * src/vde_router/vder_queue.h 2005 Ludovico Gargenghi: * src/common/canonicalize.c * src/common/poll.c 2005 Richard Kettlewell: * src/common/open_memstream.c 2007 Filippo Giunchedi: * include/libvdesnmp.h 2004-2008 Fabrice Bellard: * src/slirpvde/bootp.c * src/slirpvde/slirp.c 2004 Magnus Damm: * src/slirbvde/tftp.c 2007 Daniel Lacamera, 200 Florian Heinz, Julien Oster: * src/vde_over_ns/dns.c * src/vde_over_ns/dns.h * src/vde_over_ns/dns_proto.h * src/vde_over_ns/encode.c * src/vde_over_ns/fun.h * src/vde_over_ns/pstack.c * src/vde_over_ns/pstack.h * src/vde_over_ns/queue.c * src/vde_over_ns/util.c * src/vde_over_ns/vde_io.c * src/vde_over_ns/vde_over_ns.c 1999 Andrea Arcangeli: * src/vde_router/rbtree.c * src/vde_router/rbtree.h 2002 David Woodhouse: * src/vde_router/rbtree.c Allessandro Ghedini VirtualSquare: * src/vde_vxlan/log.c * src/vde_vxlan/log.h * src/vde_vxlan/plug.c * src/vde_vxlan/plug.h * src/vde_vxlan/vde_vxlan.c * src/vde_vxlan/vxlan.c * src/vde_vxlan/vxlan.h * src/vde_vxlan/vxlan_hash.c * src/vde_vxlan/vxlan_hash.h And finally a matter of personal taste: debian/copyright contains the following line: > Licenses for some components in src/slirpvde in addition to GPL-2: and then goes on to list the licenses that apply to some files in that directory. I think this fullfills the requirement of stating the license conditions for those files, but it doesn't really help me if I want to know *which* files these license conditions apply to. Stating the files each of these licenses applies to explicitly would make the statement more helpful, especially to ftp-masters doing future reviews of this package. Regards Sven -- System Information: Debian Release: bullseye/sid APT prefers testing-debug APT policy: (990, 'testing-debug'), (990, 'testing'), (102, 'unstable-debug'), (102, 'unstable'), (101, 'experimental-debug'), (101, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.6.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled