Review: bmagic 7.13.4+dfsg-2
New Package Report
.changes
| Architecture | source all |
|---|---|
| Distribution | unstable |
| Date | Sun, 03 May 2026 17:32:00 +0200 |
| Source | bmagic |
| Version | 7.13.4+dfsg-2 |
| Changed-By | Andreas Tille |
Changelog
bmagic (7.13.4+dfsg-2) unstable; urgency=medium . * Remove Athena Capital Research from Uploaders * Create separate -doc package * Remove unused lintian-overrides
.dsc
| Priority | optional |
|---|---|
| Component | main |
| Package-List | bmagic deb libdevel optional arch=all bmagic-doc deb doc optional arch=all |
| Section | libdevel |
debian/copyright
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: bmagic
Source: https://bmagic.sourceforge.net/
Files-Excluded: doc/html
warn.log
config.guess
.git*
Files: *
Copyright: (c) 2002-2023, Anatoliy Kuznetsov
License: Apache-2.0
Files: debian/*
Copyright: 2006, Wes Chow <wes@senortoad.com>
2008, Andres Salomon <dilinger@debian.org>
2009, 2019 Roberto C. Sanchez <roberto@connexer.com>
License: Apache-2.0
Comment:
It is assumed that all contributors release their packaging works under the
same term as the package itself.
License: Apache-2.0
BitMagic Library License
.
Copyright(c) 2002-2019 Anatoliy Kuznetsov(anatoliy_kuznetsov at yahoo.com)
.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
For more information please visit: http://bitmagic.io
.
**Important!** We ask you to explicitly mention BitMagic project in any
derived work or our published materials. Proper BitMagic reference on your
product/project page is a REQUIREMENT for using the Library.
.
On Debian systems, the complete text of the Apache version 2.0 license
can be found in "/usr/share/common-licenses/Apache-2.0".
Review Information
rejected — allocated to siretart 1 hour ago, started 1 hour ago, completed 1 hour ago.
Final Comment
Thanks for your diligence while working on this package. I've had a
look through the source, and while it's mostly there, I have to
reject it for now because of a few significant DFSG issues.
The main blocker is a non-free attribution requirement found in the
LICENSE file (and echoed in README.md and debian/copyright). It
states: "Proper BitMagic reference on your product/project page is a
REQUIREMENT for using the Library." This is a significant problem for
Debian's main archive because it imposes a specific redistribution
burden that goes beyond standard free software licenses. Requiring a
reference on a "product/project page" is a restriction that violates
DFSG 1 (Free Redistribution) and DFSG 3 (Derived Works), as it forces
downstream users to maintain a specific type of presence (a project
page) to use or modify the software. It is effectively an
advertising-style clause that is too restrictive for main.
Additionally, I found a binary blob in the source package at
msvc32/.vs/bm/v15/ipch/AutoPCH/60fd1a078cd898e5/PERF.ipch. This appears
to be a Microsoft Visual C++ precompiled header file. As a binary
artifact with no corresponding source form in a format we can modify,
it must be removed from the upstream tarball (using Files-Excluded in
debian/copyright).
There are also several discrepancies in debian/copyright that need
addressing. While the package is primarily Apache-2.0, there are quite
a few files under different licenses that are not listed:
- src/sse2neon.h is under the MIT license and is a bundled copy of the
sse2neon project. - src/bmavx2.h and src/bmavx512.h contain significant portions of code
from libpopcnt, which is under a BSD-2-Clause license. - tests/stress/stacktrace_dbg.h is licensed under WTFPL-2.0.
- lang-maps/jni/src/jnialloc.h and
lang-maps/libbm/src/try_throw_catch.h are also MIT licensed.
Please ensure all these licenses and their respective copyright
holders are fully documented. For the bundled code, Debian Policy 4.13
generally requires unbundling if the library is already available in the
archive (like sse2neon), so you should look into using the packaged
versions instead.
Finally, please double-check the copyright years. The
debian/copyright file lists up to 2023, but many source files still
only list up to 2019 or 2022. It's best to keep these consistent with
what's actually in the source headers.
-rt
Public Notes
Missed Author Check
Command: dnq author-check -prepare
Exit code: 0
Author check: scanned 343 files.
NOT IN debian/copyright (3):
Francesco Nidito
lang-maps/libbm/src/try_throw_catch.h:1
Kim Walisch
src/bmavx2.h:29
src/bmavx512.h:29
Wojciech Muła
src/bmavx2.h:30
src/bmavx512.h:30
Result: ATTENTION REQUIRED — 3 authors not in debian/copyright