DFSG NEW Queue - Review: rauc-hawkbit-updater 1.4-1

Review: rauc-hawkbit-updater 1.4-1

New Package Report

.changes◂

Changed-By	Christopher Obbard
Architecture	source amd64
Distribution	unstable
Date	Mon, 05 Jan 2026 17:55:40 +0000
Source	rauc-hawkbit-updater
Version	1.4-1

Changelog◂

rauc-hawkbit-updater (1.4-1) unstable; urgency=medium
 .
   * Initial release. (Closes: #1124690)

.dsc◂

Section	embedded
Priority	optional
Component	main
Package-List	rauc-hawkbit-updater deb embedded optional arch=any

debian/copyright◂

Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Source: https://github.com/rauc/rauc-hawkbit-updater
Upstream-Name: rauc-hawkbit-updater
Upstream-Contact: Bastian Krause <bst@pengutronix.de>

Files:
 *
Copyright:
 2018-2020 Lasse K. Mikkelsen <lkmi@prevas.dk>
 2021-2025 Bastian Krause <bst@pengutronix.de>
License: LGPL-2.1+

Files:
 script/*
Copyright:
 2021 Enrico Jörns <e.joerns@pengutronix.de>
 2021-2025 Bastian Krause <bst@pengutronix.de>
License: 0BSD

Files: test/*
Copyright:
 2021 Enrico Jörns <e.joerns@pengutronix.de>
 2021-2025 Bastian Krause <bst@pengutronix.de>
 2021-2025 Florian Bezannier <florian.bezannier@hotmail.fr>
 2024-2025 Robin van der Gracht <robin@protonic.nl>
License: LGPL-2.1+

Files:
 debian/*
Copyright:
 2026 Christopher Obbard <obbardc@debian.org>
License: LGPL-2.1+

License: LGPL-2.1+
 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
 License as published by the Free Software Foundation; either
 version 2.1 of the License, or (at your option) any later version.
 .
 This library is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 Lesser General Public License for more details.
 .
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.
Comment:
 On Debian systems, the complete text of the GNU Lesser General Public
 License version 2.1 can be found in /usr/share/common-licenses/LGPL-2.1.

License: 0BSD
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted.
 .
 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Review Information

rejected — allocated to awm 25 days ago, started 25 days ago, completed 25 days ago.

Final Comment

In the file include/config-file.h it is pretty explicit in the SPDX header that it is
licensed as LGPL-2.1-only:

/**

SPDX-License-Identifier: LGPL-2.1-only
SPDX-FileCopyrightText: 2018-2020 Lasse K. Mikkelsen lkmi@prevas.dk, Prevas A/S (www.prevas.com)
*/

I'm not sure why licensrecon picked on that file specifically though - that
seems the case for a lot of files:

$ grep -r LGPL-2.1-only .
./test/test_cancel.py:# SPDX-License-Identifier: LGPL-2.1-only
./test/conftest.py:# SPDX-License-Identifier: LGPL-2.1-only
./test/test_install.py:# SPDX-License-Identifier: LGPL-2.1-only
./test/test_download.py:# SPDX-License-Identifier: LGPL-2.1-only
./test/test_mtls.py:# SPDX-License-Identifier: LGPL-2.1-only
./test/helper.py:# SPDX-License-Identifier: LGPL-2.1-only
./test/rauc_dbus_dummy.py:# SPDX-License-Identifier: LGPL-2.1-only
./test/test_basics.py:# SPDX-License-Identifier: LGPL-2.1-only
./meson.build: license : 'LGPL-2.1-only',
./src/rauc-installer.c: * SPDX-License-Identifier: LGPL-2.1-only
./src/sd-helper.c: * SPDX-License-Identifier: LGPL-2.1-only
./src/rauc-hawkbit-updater.c: * SPDX-License-Identifier: LGPL-2.1-only
./src/config-file.c: * SPDX-License-Identifier: LGPL-2.1-only
./src/hawkbit-client.c: * SPDX-License-Identifier: LGPL-2.1-only
./src/log.c: * SPDX-License-Identifier: LGPL-2.1-only
./src/json-helper.c: * SPDX-License-Identifier: LGPL-2.1-only
./include/json-helper.h: * SPDX-License-Identifier: LGPL-2.1-only
./include/log.h: * SPDX-License-Identifier: LGPL-2.1-only
./include/hawkbit-client.h: * SPDX-License-Identifier: LGPL-2.1-only
./include/sd-helper.h: * SPDX-License-Identifier: LGPL-2.1-only
./include/config-file.h: * SPDX-License-Identifier: LGPL-2.1-only
./include/rauc-installer.h: * SPDX-License-Identifier: LGPL-2.1-only

So perhaps you can have a chat with the upstream about what is going on. Perhaps
they have a different understanding of what 'only' means.

Thanks!

Other Reviews of this Package

Version	Hash	Allocated	Completed	Reviewer	Status	Details
1.4-1	7cf7a617…	2026-03-16 07:02	2026-03-16 07:07	mechtilde	accepted	VIEW

Public Notes

25 days ago ● public

Licenserecon

Command: lrc -s
Exit code: 3

en: Versions: licenserecon '11.0'  licensecheck '3.3.9-1'

Parsing Source Tree  ....
Reading d/copyright  ....
Running licensecheck ....

d/copyright      | licensecheck

LGPL-2.1+        | LGPL-2.1          include/config-file.h

Short option in use. Not all differences shown

Back to Dashboard | View all reviews for this package