Source: jaxrs-api
Version: 2.1.2-2
Severity: serious
Justification: Policy 2.3, 12.5, possibly 2.1

In an internal Java™ project of $dayjob I was checking licences of updated components and found that javax.ws.rs:javax.ws.rs-api 2.1.1 has a new, different licence that I am unfamiliar with. I decided to see whether it’s in Debian and what its thoughts on it are.

The Debian source package for the same component, however, still has the old licence listed. I looked into the source code, and lo and behold, it carries the NEW one. (This means that the DD who uploaded it did not read the diff between the versions carefully enough.)

Broken copyright information is at least RC and serious. If the new licence (EPLv2 something) is not DFSG-free, this makes it grave and grounds for archive and snapshot removal.