DFSG NEW Queue - Review: python-sigstore-models 0.0.6-1

Review: python-sigstore-models 0.0.6-1

New Package Report

.changes◂

Version	0.0.6-1
Changed-By	Simon Josefsson
Architecture	source all
Distribution	unstable
Date	Wed, 27 May 2026 15:48:54 +0200
Source	python-sigstore-models

Changelog◂

python-sigstore-models (0.0.6-1) unstable; urgency=medium
 .
   * Initial release. (Closes: #1111998)

.dsc◂

Section	python
Priority	optional
Component	main
Package-List	python3-sigstore-models deb python optional arch=all

debian/copyright◂

Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Source: https://github.com/astral-sh/sigstore-models
Upstream-Name: sigstore-models
Upstream-Contact: William Woodruff <william@astral.sh>

Files: *
Copyright: 2025 Astral Software Inc.
License: Expat

Files: debian/*
Copyright: 2024-2026 Simon Josefsson <simon@josefsson.org>
License: Expat
Comment: Debian packaging is licensed under the same terms as upstream

License: Expat
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 .
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 .
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.

Review Information

accepted — allocated to eamanu 23 days ago, started 23 days ago, completed 23 days ago.

Final Comment

Public Notes

23 days ago ● public

licensecheck

Command: licensecheck -r --deb-machine .
Exit code: 0

Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: FIXME
Upstream-Contact: FIXME
Source: FIXME
Disclaimer: Autogenerated by licensecheck

Files: ./.github/dependabot.yml
 ./.github/workflows/ci.yml
 ./.github/workflows/publish.yml
 ./.github/workflows/zizmor.yml
 ./.github/zizmor.yml
 ./.python-version
 ./README.md
 ./debian/changelog
 ./debian/control
 ./debian/gbp.conf
 ./debian/rules
 ./debian/salsa-ci.yml
 ./debian/source/format
 ./debian/upstream/metadata
 ./debian/watch
 ./pyproject.toml
 ./src/sigstore_models/_core.py
 ./src/sigstore_models/bundle/v1/__init__.py
 ./src/sigstore_models/common/v1/__init__.py
 ./src/sigstore_models/intoto.py
 ./src/sigstore_models/rekor/v1/__init__.py
 ./src/sigstore_models/rekor/v2/__init__.py
 ./src/sigstore_models/rekor/v2/dsse.py
 ./src/sigstore_models/rekor/v2/entry.py
 ./src/sigstore_models/rekor/v2/hashedrekord.py
 ./src/sigstore_models/rekor/v2/verifier.py
 ./src/sigstore_models/trustroot/v1/__init__.py
 ./test/rekor/test_v1.py
 ./test/test_core.py
 ./uv.lock
Copyright: NONE
License: UNKNOWN
 FIXME

Files: ./LICENSE
Copyright: 2025, Astral Software Inc.
License: Expat
 FIXME

Files: ./debian/copyright
Copyright: 2024-2026, Simon Josefsson <simon@josefsson.org>
  2025, Astral Software Inc.
License: Expat
 FIXME

23 days ago ● public

debian/copyright check

Command: cme check dpkg-copyright
Exit code: 0

(no output)

23 days ago ● public

licenserecon

Command: licenserecon
Exit code: 0

en: Versions: licenserecon '17.0'  licensecheck '3.3.9-1'

Parsing Source Tree  ....
Reading d/copyright  ....
Running licensecheck ....

No significant differences found

23 days ago ● public

Look for SPDX

Command: grep -r -B1 'SPDX-'
Exit code: 1

(no output)

23 days ago ● public

Lintian

Command: lintian -i -I -v --pedantic
Exit code: 0

(no output)

23 days ago ● public

duck

Command: duck
Exit code: 0

(no output)

23 days ago ● public

look for copyright

Command: egrep -R -i copyright
Exit code: 0

LICENSE:Copyright (c) 2025 Astral Software Inc.
LICENSE:The above copyright notice and this permission notice shall be included in all
LICENSE:AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
debian/copyright:Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
debian/copyright:Copyright: 2025 Astral Software Inc.
debian/copyright:Copyright: 2024-2026 Simon Josefsson <simon@josefsson.org>
debian/copyright: The above copyright notice and this permission notice shall be included in all
debian/copyright: AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

23 days ago ● public

look for license

Command: egrep -R -i license
Exit code: 0

LICENSE:MIT License
LICENSE:to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
pyproject.toml:license-files = ["LICENSE"]
debian/salsa-ci.yml:  SALSA_CI_DISABLE_LICENSERECON: 0
debian/copyright:License: Expat
debian/copyright:License: Expat
debian/copyright:Comment: Debian packaging is licensed under the same terms as upstream
debian/copyright:License: Expat
debian/copyright: to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

Back to Dashboard | View all reviews for this package