Package: gallery2
Version: 2.3.2.dfsg-1
Severity: serious

Hi,

The file lib/pear/HTMLSax3.php is released under version 3.0 of the
PHP license, which unfortunately isn't suitable for Debian. Note that
version 3.01 of the PHP license is ok, but not version 3.0.

Please totally remove lib/pear/HTMLSax3.php, or contact upstream authors
to have it relicensed.

Also, please don't just embed any random pear library in your binary
packages, instead, please package http://pear.php.net/package/XML_HTMLSax
separately as a Debian package and depend on it. You can contact the
Debian PEAR team at: pkg-php-p...@lists.alioth.debian.org if you want
this to happen and the package to be team maintained.

The same way your binary package is embedding:
/usr/share/php/Mail/mime.php

This is bad because there is /usr/share/php/Mail/mime.php available in
the php-mail-mime package. Also note that your version is old, and can
potentially have security issues. The same is true for:
/usr/share/gallery2/lib/pear/mimePart.php (available in php-mail-mime)
/usr/share/gallery2/lib/pear/Safe.php (available in php-html-safe)

Also, in lib/yui, there are minimized versions of javascripts from the
Yahoo lib. That's a problem since:
1/ Gallery2 source doesn't provide the non-minimized version
2/ Gallery2 binary should use files from libjs-yui

Last, no mention of the author for the wz drag and drop javascript
library packaged at: /usr/share/gallery2/lib/wz_dragdrop/wz_dragdrop.js
or the library in: /usr/share/gallery2/lib/bbcode
which is released under the MIT license, or /usr/share/gallery2/lib/smtp
which is using GPL2+ and not LGPL.

Please review completely the package copyright file, it's currently
totally wrong.

So to sum up:
- Don't embed libs that are otherwise packaged separately in Debian
- Remove XML_HTMLSax from sources which is not a candidate for Debian main
- Rewrite your debian/copyright file in a proper way

Cheers,

Thomas Goirand (zigo)

-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
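
One way to check for the embedded copies this report describes, as an added example that is not part of the original report or of the gallery2 packaging: it matches PHP files under an application's bundled library directory against the system-wide PHP directory by file name and compares hashes. The function names and the sample tree built in demo() are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_embedded_copies(app_lib, system_lib):
    """Return (embedded, system, status) for every PHP file under app_lib
    whose file name also exists somewhere under system_lib.

    Matching is by name only, so unrelated files that share a name are
    reported too; treat each finding as a lead to review by hand.
    """
    system_index = {}
    for p in Path(system_lib).rglob("*.php"):
        if p.is_file():
            system_index.setdefault(p.name, []).append(p)
    findings = []
    for emb in sorted(Path(app_lib).rglob("*.php")):
        for sys_file in system_index.get(emb.name, []):
            # "differs" means the bundled copy has diverged from the packaged one,
            # so it will not receive the packaged library's fixes.
            status = "identical" if sha256(emb) == sha256(sys_file) else "differs"
            findings.append((str(emb), str(sys_file), status))
    return findings


def demo():
    """Run the check on a constructed tree that mimics the paths in the report."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "usr/share/gallery2/lib/pear"
        sysdir = Path(tmp) / "usr/share/php"
        for d in (app, sysdir / "Mail", sysdir / "HTML"):
            d.mkdir(parents=True)
        (app / "mimePart.php").write_text("<?php // old bundled copy\n")
        (sysdir / "Mail/mimePart.php").write_text("<?php // packaged copy\n")
        (app / "Safe.php").write_text("<?php // same content\n")
        (sysdir / "HTML/Safe.php").write_text("<?php // same content\n")
        (app / "GalleryOnly.php").write_text("<?php // no system twin\n")
        return [(Path(e).name, s) for e, _, s in find_embedded_copies(app, sysdir)]


if __name__ == "__main__":
    for name, status in demo():
        print(f"{name}: {status}")
```

On an installed system, call find_embedded_copies("/usr/share/gallery2/lib/pear", "/usr/share/php") instead of demo().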


