DFSG NEW Queue

DFSG, Licensing & New Packages Team

Review: mstpd 0.2.0-1

New Package Report

.changes
Changed-By: Nadzeya Hutsko
Architecture: source amd64
Distribution: experimental
Date: Thu, 14 May 2026 14:17:29 +0200
Source: mstpd
Version: 0.2.0-1
Changelog
mstpd (0.2.0-1) experimental; urgency=medium
 .
   * Initial release. (Closes: #767013)
.dsc
Section: net
Priority: optional
Component: main
Package-List: mstpd deb net optional arch=linux-any
debian/copyright
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: mstpd
Upstream-Contact: https://github.com/mstpd/mstpd/issues
Source: https://github.com/mstpd/mstpd

Files: *
Copyright:
 2006 EMC Corporation
 2011 Factor-SPE
 2011-2017 Vitalii Demianets <dvitasgs@gmail.com>
 2015-2026 mstpd contributors
License: GPL-2+

Files: brmon.c
Copyright:
 2006-2015 Stephen Hemminger <shemminger@osdl.org>
 2006-2015 Srinivas Aji <Aji_Srinivas@emc.com>
 2011-2015 Vitalii Demianets <dvitasgs@gmail.com>
License: GPL-2+

Files: packet.c
Copyright:
 2006 EMC Corporation
 Stephen Hemminger <shemminger@linux-foundation.org>
 Srinivas Aji <Aji_Srinivas@emc.com>
License: GPL-2+

Files: libnetlink.*
Copyright: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
License: GPL-2+

Files: list.h
Copyright: kazutomo@mcs.anl.gov
License: GPL-2

Files: broadcom_xstrata/*
Copyright:
 2012 Vladimir Cotfas <unix_router@yahoo.com>
 2012 Phybridge Inc
License: GPL-2

Files: broadcom_xstrata/driver_deps.c
Copyright:
 Vitalii Demianets <dvitasgs@gmail.com>
 Vladimir Cotfas <unix_router@yahoo.com>
License: GPL-2+

Files: hmac_md5.c
Copyright: 1991-1992 RSA Data Security, Inc.
License: RSA-MD5

Files: debian/*
Copyright: 2026 Nadzeya Hutsko <nadzya.info@gmail.com>
License: GPL-2+

License: GPL-2+
 This package is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version.
 .
 This package is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 .
 You should have received a copy of the GNU General Public License
 along with this program. If not, see <https://www.gnu.org/licenses/>.
 .
 On Debian systems, the complete text of the GNU General Public
 License version 2 can be found in "/usr/share/common-licenses/GPL-2".

License: RSA-MD5
 License to copy and use this software is granted provided that it
 is identified as the "RSA Data Security, Inc. MD5 Message-Digest
 Algorithm" in all material mentioning or referencing this software
 or this function.
 .
 License is also granted to make and use derivative works provided
 that such works are identified as "derived from the RSA Data
 Security, Inc. MD5 Message-Digest Algorithm" in all material
 mentioning or referencing the derived work.
 .
 RSA Data Security, Inc. makes no representations concerning either
 the merchantability of this software or the suitability of this
 software for any particular purpose. It is provided "as is"
 without express or implied warranty of any kind.
 .
 These notices must be retained in any copies of any part of this
 documentation and/or software.

Review Information

rejected — allocated to siretart 15 days ago, started 15 days ago, completed 14 days ago.

Final Comment

Thanks for your diligence while working on this package. It's great to
see the broadcom_xstrata issues resolved. I've had another look
through the source, and there is a significant legal concern regarding
derived works that needs to be cleared up.

The README.md mentions that the initial code was partially "shamelessly
stolen" from the rstplib project. This is a bit of a problem because if
mstp.c or other files are derived from rstplib, we have a legal
obligation under the GPL to preserve the original copyright notices and
attributions. Failing to document Alex Rozin alexr@nbase.co.il and
Michael Rozhavsky mike@nbase.co.il as copyright holders for the
relevant code is effectively a license violation. It makes the package
legally hazardous for the project to distribute, as we would be
misrepresenting the ownership of the code.

I also noticed a few other spots where the attribution is a bit thin.
Satish Ashok sashok@cumulusnetworks.com is listed as the author for
several scripts in utils/ (like ifupdown.sh.in) and is credited in
the README for major features like BPDU Guard. Similarly, Alexandru
Ardelean ardeleanalex@gmail.com is the author of clock_gettime.h.
These contributors should really be added to the relevant stanzas in
debian/copyright rather than just falling into the generic "mstpd
contributors" catch-all.

Finally, on brmon.c, the header lists specific modification dates from
2006 and 2011. It would be good to update the years in the copyright
file to reflect these more accurately.

Please take a moment to do a thorough sweep for any other missing
authors, update debian/copyright to include these attributions, and
re-upload once it's all squared away.

-rt

Other Reviews of this Package

Version  Hash       Allocated         Completed         Reviewer  Status
0.2.0-1  fd96ea44…  2026-05-12 14:44  2026-05-12 21:00  siretart  rejected
0.2.0-1  25d5b3cc…  2026-05-25 23:54  2026-05-26 00:28  siretart  accepted

Public Notes

14 days ago ● public

Lintian

Command: lintian -Iiv -L '>=warning' --show-overrides --color=never ../$(basename $PWD)_*.changes
Exit code: 0

N:
W: mstpd source: missing-license-paragraph-in-dep5-copyright gpl-2 [debian/copyright:40]
N: 
N:   The Files paragraph in the machine readable copyright file references a
N:   license for which no stand-alone License paragraph exists.
N:   
N:   Sometimes this tag appears because of incorrect ordering. Stand-alone
N:   License paragraphs must appear *after* all Files paragraphs.
N: 
N:   Please refer to
N:   https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ and
N:   Bug#959067 for details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: debian/copyright/dep5
N: 
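
The check behind the lintian warning above, run over a cut-down copy of this page's debian/copyright. This is an added example, not lintian's code and not part of the review. The parser and the function names are illustrative assumptions, and only the missing-paragraph case is covered, not paragraph ordering.

```python
import re

# Constructed sample: this page's debian/copyright cut down to three Files stanzas.
SAMPLE = """\
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Files: *
Copyright: 2006 EMC Corporation
License: GPL-2+

Files: list.h
Copyright: kazutomo@mcs.anl.gov
License: GPL-2

Files: broadcom_xstrata/*
Copyright: 2012 Phybridge Inc
License: GPL-2

License: GPL-2+
 This package is free software; (text shortened for the example)
"""

def parse(text):
    """Split into paragraphs of {field: (first-line value, has continuation lines)}."""
    paras = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for m in re.finditer(r"^([\w-]+):[ \t]*(.*)((?:\n[ \t].*)*)", block, re.M):
            fields[m.group(1).lower()] = (m.group(2).strip(), bool(m.group(3)))
        paras.append(fields)
    return paras

def missing_license_paragraphs(text):
    """Return (short name, Files pattern) for each license with no stand-alone paragraph."""
    paras = parse(text)
    standalone = {p["license"][0].lower() for p in paras
                  if "license" in p and "files" not in p and "format" not in p}
    findings = []
    for p in paras:
        if "files" not in p or "license" not in p or p["license"][1]:
            continue  # not a Files stanza, or the license text is given inline
        for part in re.split(r"\s+(?:and|or)\s+|,", p["license"][0]):
            name = re.split(r"\s+with\s+", part)[0].strip().lower()
            if name and name not in standalone:
                findings.append((name, p["files"][0]))
    return findings
```

GPL-2 and GPL-2+ are distinct short names, so the existing GPL-2+ paragraph does not satisfy the two stanzas that say GPL-2.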
