Package: rapid-photo-downloader Version: 0.9.26-2 Severity: normal I'm not sure about this, but it seems to me that `upgrade.py` and `qrc_resources.py` ship binary data as source code.
This is normally a red flag in Debian packages, because source code should typically be text file that are humanly understandable, or at least usable with free software tools. Basing myself on the excellent investigation done by Tino Mettler: https://salsa.debian.org/debian/rapid-photo-downloader/-/merge_requests/2#note_307363 ... i t seems like the `upgrade.py` file is fairly innocuous: it's actually an encoded ZIP file that has .mo files generated from the provided .po files. I'm not sure that needs to be removed, as there is probably an obvious source for those. The other file, `qrc_resources.py`, is more problematic. It bundles binary data like images and those don't seem to have an associated source in the source code. It's unclear if that file could be redistributed as is, as it's clearly not modifiable, and would possibly be a license violation. It seems like the source images for that file are missing from the upstream source as well, crucially. Normally, we should be able to recompile that file from source, but because those images are missing, it's not possible. I'm not an expert on those issues as I used to be, so I'm not sure about all this, but it seemed important to flag this as an issue on the package. -- System Information: Debian Release: 11.3 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable'), (1, 'unstable'), (1, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-13-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages rapid-photo-downloader depends on: ii gir1.2-gexiv2-0.10 0.12.1-1 ii gir1.2-glib-2.0 1.66.1-1+b1 ii gir1.2-gstreamer-1.0 1.18.4-2.1 ii gir1.2-gudev-1.0 234-1 ii gir1.2-notify-0.7 0.7.9-3 ii gir1.2-udisks-2.0 2.9.2-2+deb11u1 ii gstreamer1.0-libav 1.18.4-3 ii gstreamer1.0-plugins-good 1.18.4-2 ii libgphoto2-6 2.5.27-1 ii libimage-exiftool-perl 12.16+dfsg-2 ii libmediainfo0v5 20.09+dfsg-2 ii libqt5svg5 5.15.2-3 ii python3 3.9.2-3 ii python3-arrow 1.2.1-1 ii python3-babel 2.8.0+dfsg.1-7 ii python3-colour 0.1.5-2 ii python3-dateutil 2.8.1-6 ii python3-easygui 0.98.1-1 ii python3-gi 3.38.0-2 ii python3-gphoto2 1.9.0-1+b2 ii python3-gphoto2cffi [python3-gphoto2] 0.4.3~a1-1.1+b1 ii python3-psutil 5.8.0-1 ii python3-pymediainfo 5.0.3-1 ii python3-pyqt5 5.15.2+dfsg-3 ii python3-requests 2.25.1+dfsg-2 ii python3-sortedcontainers 2.1.0-2 ii python3-tenacity 6.2.0-4 ii python3-tornado 6.1.0-1+b1 ii python3-xdg 0.27-2 ii python3-zmq 20.0.0-1+b1 ii qt5-image-formats-plugins 5.15.2-2 Versions of packages rapid-photo-downloader recommends: ii libraw-bin 0.20.2-1 rapid-photo-downloader suggests no packages. -- debconf-show failed
