Reviews for bmagic
All reviews for this package from team members (across all versions).
| Reviewer | Version | Allocated | Started | Status | Completed | Comment | |
|---|---|---|---|---|---|---|---|
| siretart | 7.13.4+dfsg-2 | 1 hour ago | 1 hour ago | rejected | 0 hours ago | Thanks for your diligence while working on this package. I've had a look through the source, and while it's mostly there, I have to reject it for now because of a few significant DFSG issues. The main blocker is a non-free attribution requirement found in the LICENSE file (and echoed in README.md and debian/copyright). It states: "Proper BitMagic reference on your product/project page is a REQUIREMENT for using the Library." This is a significant problem for Debian's main archive because it imposes a specific redistribution burden that goes beyond standard free software licenses. Requiring a reference on a "product/project page" is a restriction that violates DFSG 1 (Free Redistribution) and DFSG 3 (Derived Works), as it forces downstream users to maintain a specific type of presence (a project page) to use or modify the software. It is effectively an advertising-style clause that is too restrictive for main. Additionally, I found a binary blob in the source package at msvc32/.vs/bm/v15/ipch/AutoPCH/60fd1a078cd898e5/PERF.ipch. This appears to be a Microsoft Visual C++ precompiled header file. As a binary artifact with no corresponding source form in a format we can modify, it must be removed from the upstream tarball (using Files-Excluded in debian/copyright). There are also several discrepancies in debian/copyright that need addressing. While the package is primarily Apache-2.0, there are quite a few files under different licenses that are not listed: - src/sse2neon.h is under the MIT license and is a bundled copy of the sse2neon project. - src/bmavx2.h and src/bmavx512.h contain significant portions of code from libpopcnt, which is under a BSD-2-Clause license. - tests/stress/stacktrace_dbg.h is licensed under WTFPL-2.0. - lang-maps/jni/src/jnialloc.h and lang-maps/libbm/src/try_throw_catch.h are also MIT licensed. Please ensure all these licenses and their respective copyright holders are fully documented. For the bundled code, Debian Policy 4.13 generally requires unbundling if the library is already available in the archive (like sse2neon), so you should look into using the packaged versions instead. Finally, please double-check the copyright years. The debian/copyright file lists up to 2023, but many source files still only list up to 2019 or 2022. It's best to keep these consistent with what's actually in the source headers. -rt | View |