Reviews for yq-go
All reviews for this package from team members (across all versions).
| Reviewer | Version | Allocated | Started | Status | Completed | Comment | |
|---|---|---|---|---|---|---|---|
| siretart | 4.53.2+ds-1 | 1 month, 10 days ago | 1 month, 10 days ago | accepted | 1 month, 10 days ago | View | |
| siretart | 4.53.2-2 | 1 month, 15 days ago | 1 month, 15 days ago | rejected | 1 month, 14 days ago | Thanks for your diligence in bringing yq-go to the archive. I've had another look through the source, and while it's mostly there, I have to reject it for now because of a few minor metadata and policy issues. I noticed a slight slip in the way copyright statements are handled in debian/copyright. The statements need to be reproduced verbatim from the source headers to accurately reflect the upstream notices. For instance, the notice for scripts/shunit2 should include the "All Rights Reserved" portion, and the entry for scripts/release-deb.sh should match the exact format of the header, including the (C) symbol and email address. This is also a bit of a DFSG problem regarding the embedded copy of the shunit2 framework in scripts/shunit2. While it is correctly licensed, Debian Policy §4.13 generally prefers using the packaged version from the archive. If you find it necessary to bundle it, please include a debian/README.source file that documents this embedded copy and explains why the system-wide package isn't being used instead. Lastly, there are some formatting bits in the copyright file to clean up. The Apache-2.0 license should have its own standalone stanza at the bottom of the file that points to the common licenses directory, rather than having the reference nested inside the file stanza. I also noticed that the License: Expat string is repeated as the first line of the license text block in the main stanza, which should be removed. Once these bits are polished, it should be ready for another look. -rt | View |
| siretart | 4.53.2-1 | 1 month, 16 days ago | 1 month, 16 days ago | rejected | 1 month, 16 days ago | Thanks for your diligence in bringing `yq-go` to the archive. I've completed a DFSG review of version 4.53.2-1 and noticed a few things that need to be addressed in `debian/copyright` before this can be accepted. Specifically, `scripts/shunit2` (Apache-2.0, Kate Ward) and `scripts/release-deb.sh` (Roberto Mier Escandón) are currently missing their respective stanzas in the machine-readable copyright file. These omissions are unfortunately a reason for rejection at this stage. I noticed a slight slip in the following areas: * `scripts/shunit2` is an embedded copy of the shunit2 framework. It is licensed under Apache-2.0 and carries a copyright from Kate Ward (2008-2020). This needs its own stanza and the Apache-2.0 license text (or a reference to `/usr/share/common-licenses/Apache-2.0`). * `scripts/release-deb.sh` contains a copyright statement for Roberto Mier Escandón (2021). While we can assume this is under the same Expat license as the rest of the package, the copyright holder must still be explicitly listed in `debian/copyright` to comply with the license terms. Additionally, while not a DFSG violation, `scripts/shunit2` is an embedded code copy. In Debian, we generally prefer to use the packaged version of such tools, but if it must be bundled, it definitely needs to be fully documented. Once these entries are added to `debian/copyright`, the package should be good to go from a licensing perspective. -rt | View |
| siretart | 4.53.2-1 | 1 month, 15 days ago | 1 month, 15 days ago | rejected | 1 month, 15 days ago | yq-go @review-comments-yq-go-4.53.2-1.txt | View |