DFSG NEW Queue - Review: glue-qt 1:0.4.1-1

Review: glue-qt 1:0.4.1-1

New Package Report

.dsc◂

Package-List	glueviz deb python optional arch=all python3-glue-qt deb python optional arch=all
Section	python
Priority	optional
Component	main

debian/copyright◂

Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: glue-qt
Source: https://github.com/glue-viz/glue-qt

Files: *
Copyright: 2013-2019 Glue developers
License: BSD-3-Clause

Files: debian/*
Copyright: 2026 Ole Streicher
License: BSD-3-Clause

Files: debian/org.glueviz.GlueQt.metainfo.xml
Copyright: non-applicable
License: CC0-1.0

License: BSD-3-Clause
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
 .
 * Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
 * Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the
   distribution.
 * Neither the name of the Glue project nor the names of its
   contributors may be used to endorse or promote products derived
   from this software without specific prior written permission.
 .
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
 OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
 WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGE.

License: CC0-1.0
 Creative Commons Zero v1.0 Universal
 .
 The full text of this license can be found in
 /usr/share/common-licenses/CC0-1.0

Review Information

rejected — allocated to awm 13 days ago, started 13 days ago, completed 13 days ago.

Final Comment

Generally looks OK, but there are problems with your signing key:

Signing key on BAFC6C85F7CB143FEEB6FB157115AFD07710DCF7 is not bound:
           No binding signature at time 2026-01-29T14:42:57Z
  because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
  because: SHA1 is not considered secure since 2023-02-01T00:00:00Z
dpkg-source: warning: cannot verify inline signature for /usr/src/dfsg/glue-qt_0.4.1-1.dsc: no acceptable signature found

A minor nit: the debian/upstream/metadata URL returns a 404

Public Notes

13 days ago ● public

Signing key on BAFC6C85F7CB143FEEB6FB157115AFD07710DCF7 is not bound:
No binding signature at time 2026-01-29T14:42:57Z
because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
because: SHA1 is not considered secure since 2023-02-01T00:00:00Z
dpkg-source: warning: cannot verify inline signature for /usr/src/dfsg/glue-qt_0.4.1-1.dsc: no acceptable signature found
dpkg-source: info: extracting glue-qt in glue-qt_0.4.1-1

13 days ago ● public

duck - check URL redirections

Command: duck
Exit code: 1

E: debian/upstream/metadata:URL: https://conference.scipy.org/proceedings/scipy2015/chris_beaumont.html: ERROR (Certainty:wild-guess)
   Curl:0 HTTP:404 No error

13 days ago ● public

Licenserecon

Command: lrc -l
Exit code: 0

en: Versions: licenserecon '11.0'  licensecheck '3.3.9-1'

Parsing Source Tree  ....
Reading d/copyright  ....
Running licensecheck ....

d/copyright      | licensecheck

BSD-3-Clause     | BSD-3-clause      LICENSE
No significant differences found

Back to Dashboard | View all reviews for this package