Bug#928975: (no subject)

2019-05-15 Thread Michael Lustfield
When I first looked the source package, I only looked at d/copyright. Since I
didn't see Files-Excluded, and the upstream tarball didn't include '+dfsg' in
the name, I assumed the infringing files were not included.

Looking closer, I see that the files were actually removed, so this
source/package doesn't actually constitute a copyright violation, although this
is still a problem in upstream.

Moritz, would you be willing to include Files-Excluded: common/db-wrapper in
d/copyright and add +dfsg to d/watch? It looks like you're currently removing
the files manually and this method will help prevent future maintainers from
accidentally including these files. This also allows you to use uscan to
automatically remove the problematic files.

-- 
Michael Lustfield



Bug#928975: (no subject)

2019-05-14 Thread Michael Lustfield
After looking at the provided samples, I would agree that the similarity
between the two is too close to be a coincidence, especially considering the
timeline described/observed.

Without evidence to the contrary, I agree that this should be removed from
Debian. You should probably also file similar bugs with any other distro
(epel?) that may have a copy of software built from this source, as well as
with the upstream project itself. Depending on the result you get, you may
(hopefully not) find these resources helpful.

- http://gpl-violations.org/
- https://sfconservancy.org/about/
- http://www.softwarefreedom.org/about/contact/

-- 
Michael Lustfield