DFSG NEW Queue

DFSG, Licensing & New Packages Team

Reviews for mstpd

All reviews for this package from team members (across all versions).

Reviewer: siretart
Version: 0.2.0-1
Allocated: 1 month, 16 days ago
Started: 1 month, 16 days ago
Status: rejected
Completed: 1 month, 15 days ago
Comment:

Thanks for your diligence while working on this package. I've had a look through the source, and while it's mostly there, I have to reject it for now because there are several discrepancies between the file headers and the claims in debian/copyright.

Specifically, several files are licensed under the GPL-2 only, but are currently documented as GPL-2+ (version 2 or later). For example:

- broadcom_xstrata/bcmexp.c: L7 says "Released under GPLv2"
- broadcom_xstrata/stp.soc: L2 says "Released under GPLv2"
- broadcom_xstrata/knet.soc: L2 says "Released under GPLv2"

This also applies to broadcom_xstrata/etc-init.d-stp.sh, which lacks an explicit license grant but is presumably intended to be GPL-2 like its neighbors. You'll need to ensure Phybridge Inc is correctly credited for this file under the appropriate GPL-2 stanza.

Additionally, list.h contains a note stating it was "grubbed from linux kernel source code". Since the Linux kernel is licensed under GPL-2 only, this header should also be treated as GPL-2 only rather than the GPL-2+ listed in debian/copyright.

The broadcom_xstrata/* stanza in debian/copyright is also a bit too broad, as it includes broadcom_xstrata/driver_deps.c, which actually is licensed as GPL-2+ (L7: "version 2 of the License, or (at your option) any later version"). You'll need to split these out into separate stanzas to accurately reflect the "or later" status of each file.

Please update debian/copyright to match these findings and re-upload.

-rt

Reviewer: siretart
Version: 0.2.0-1
Allocated: 1 month, 13 days ago
Started: 1 month, 13 days ago
Status: rejected
Completed: 1 month, 13 days ago
Comment:

Thanks for your diligence while working on this package. It's great to see the broadcom_xstrata issues resolved. I've had another look through the source, and there is a significant legal concern regarding derived works that needs to be cleared up.

The README.md mentions that the initial code was partially "shamelessly stolen" from the rstplib project. This is a bit of a problem because if mstp.c or other files are derived from rstplib, we have a legal obligation under the GPL to preserve the original copyright notices and attributions. Failing to document Alex Rozin <alexr@nbase.co.il> and Michael Rozhavsky <mike@nbase.co.il> as copyright holders for the relevant code is effectively a license violation. It makes the package legally hazardous for the project to distribute, as we would be misrepresenting the ownership of the code.

I also noticed a few other spots where the attribution is a bit thin. Satish Ashok <sashok@cumulusnetworks.com> is listed as the author for several scripts in utils/ (like ifupdown.sh.in) and is credited in the README for major features like BPDU Guard. Similarly, Alexandru Ardelean <ardeleanalex@gmail.com> is the author of clock_gettime.h. These contributors should really be added to the relevant stanzas in debian/copyright rather than just falling into the generic "mstpd contributors" catch-all.

Finally, on brmon.c, the header lists specific modification dates from 2006 and 2011. It would be good to update the years in the copyright file to reflect these more accurately.

Please take a moment to do a thorough sweep for any other missing authors, update debian/copyright to include these attributions, and re-upload once it's all squared away.

-rt

Reviewer: siretart
Version: 0.2.0-1
Allocated: 1 month, 2 days ago
Started: 1 month, 2 days ago
Status: accepted
Completed: 1 month, 2 days ago
