Package: webcit Version: 7.37-dfsg-6 Severity: serious Justification: 12.5 I was asked to review this source package in NEW, and found problems with this package which caused me to reject the package. It appears that some of the problems with this source also exist in the packages in stable, testing, and unstable.
./po/da.po, README.txt say: This program is released under the terms of the GNU General Public License v3 however debian/copyright is not referring to /usr/share/common-licenses/GPL-3. None of the lcense texts in debian/copyright refer to GPL v3. he references to the gpl in debian/copyright refer to version 2 or later. -- ./static/BubbleTooltips.js says: * version is distributed as part of the Citadel system * under the terms of the GNU General Public License v2. This is a problem in that GPLv3 is not compatible with GPLv2. If this is GPLv2 and we have code which is GPLv3 or GPLv3+, this is not redistributable. Also, this file being GPLv2 only is not mentioned in debian/copyright -- ./static/dragdrop.js says: // (c) 2005-2007 Sammi Williams (http://www.oriontransfer.co.nz, sa...@oriontransfer.co.nz) but Sammi Williams is not mentioned in debian/copyright -- ./static/datepicker-dev.js says: * (c) 2007 Mathieu Jondet <math...@eulerian.com> * DatePicker is freely distributable under the same terms as Prototype. Mathieu Jondet is not mentioned in debian/copyright -- ./static/slider.js says: // Copyright (c) 2005-2007 Marty Haught, Thomas Fuchs but Marty Haught is not mentioned in debian/copyright -- ./static/controls.js says: // (c) 2005-2007 Ivan Krstic (http://blogs.law.harvard.edu/ivan) // (c) 2005-2007 Jon Tirsen (http://www.tirsen.com) neither of these copyright holders is mentioned in debian/copyright. ------ More minor things: ./static/scriptaculous.js says: // Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) so the copyright notice in debian/copyright should expand the years covered for Thomas Fuchs. --- upstream should be notified of the mistakes in many of the po files: "# This file is distributed under the same license as the PACKAGE package." They probably mean "Citadel package" or "webcit package", or something similar. bye, stew ----- End forwarded message -----
signature.asc
Description: Digital signature
