When I first looked the source package, I only looked at d/copyright. Since I
didn't see Files-Excluded, and the upstream tarball didn't include '+dfsg' in
the name, I assumed the infringing files were not included.
Looking closer, I see that the files were actually removed, so this
source/package doesn't actually constitute a copyright violation, although this
is still a problem in upstream.
Moritz, would you be willing to include Files-Excluded: common/db-wrapper in
d/copyright and add +dfsg to d/watch? It looks like you're currently removing
the files manually and this method will help prevent future maintainers from
accidentally including these files. This also allows you to use uscan to
automatically remove the problematic files.