DFSG NEW Queue - Review: rust-prio-0.16 0.16.8+ds-1

Review: rust-prio-0.16 0.16.8+ds-1

New Package Report

.changes◂

Date	Mon, 25 May 2026 08:36:33 +0200
Source	rust-prio-0.16
Version	0.16.8+ds-1
Changed-By	Jonas Smedegaard
Architecture	source all
Distribution	experimental

Changelog◂

rust-prio-0.16 (0.16.8+ds-1) experimental; urgency=medium
 .
   [ upstream ]
   * older release
 .
   [ Jonas Smedegaard ]
   * update git-buildpackage config:
     + use version-prefixed branches and tags
   * update watch file: limit to track only 0.16.*
   * rename source and binary package to include version
   * demote project versions in virtual packages and autopkgtests
   * update and unfuzz patches
   * update copyright info: update coverage
   * autopkgtest-depend on non-virtual package
   * test all features during build
   * tighten (build-)dependency for crate sha3

.dsc◂

Component	main
Package-List	librust-prio-0.16-dev deb rust optional arch=all
Section	rust
Priority	optional

debian/copyright◂

Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: libprio-rs
Upstream-Contact: https://github.com/divviup/libprio-rs/issues
Source: https://github.com/divviup/libprio-rs
 .
 Repackaged, excluding any .git* files.
Files-Excluded:
 */.git*

Files: *
Copyright:
  2020        Apple Inc.
  2021, 2025  ISRG
License-Grant:
 license = "MPL-2.0"
License: MPL-2.0
Reference:
 Cargo.toml
 LICENSE

Files:
 src/dp/rand_bigint.rs
Copyright:
  2023       ISRG
  2022       President and Fellows of Harvard College
  2013-2014  The Rust Project Developers
  2020       Thomas Steinke
License-Grant:
 The file src/dp/rand_bigint.rs includes third-party code
 from the num-bigint crate, version 0.6.4,
 used under the terms of the Apache 2.0 license.
License: Apache-2.0 and MPL-2.0
Reference:
 Cargo.toml
 LICENSE-THIRD-PARTY
 NOTICE
Comment:
 The source file contains a licensing statement for Expat,
 but that is assumed superseded
 according to the licensing statement in file <NOTICE>.

Files:
 debian/*
Copyright:
  2026  Jonas Smedegaard <dr@jones.dk>
License-Grant:
 This packaging is free software;
 you can redistribute it and/or modify it
 under the terms of the GNU General Public License
 as published by the Free Software Foundation;
 either version 3,
 or (at your option) any later version.
License: GPL-3+
Reference: debian/copyright

Files:
 debian/patches/*
Copyright:
  Christopher Patton <cpatton@cloudflare.com>
  David Cook <dcook@letsencrypt.org>
  J.C. Jones <james.jc.jones@gmail.com>
  Jonas Smedegaard <dr@jones.dk>
License: Apache-2.0 and MPL-2.0
Reference:
 Cargo.toml
 LICENSE
Comment:
 Patches commonly lack explicit copyright and license.
 For the cases where patches are copyrightable at all,
 copyright is assumed to be held by the author,
 and license is assumed to be the same as main upstream license.

Files:
 debian/patches/020250605~e6983b5.patch
Copyright:
  David Cook <dcook@letsencrypt.org>

License: Apache-2.0 and MPL-2.0

License: GPL-3+
Reference: /usr/share/common-licenses/GPL-3

License: MPL-2.0
Reference: /usr/share/common-licenses/MPL-2.0

Review Information

accepted — allocated to mechtilde 27 days ago, started 27 days ago, completed 27 days ago.

Final Comment

Hi,

please improve file d/copyright to be DEP-5 compliant.

One file miss a license statement and the apache-2.0 License isn't listed in
d/copyright.

thanks

Public Notes

27 days ago ● public

Lintian

Command: lintian -c -E -I -i -L '>=warning' --show-overrides --color=never ../$(basename $PWD)_*.changes
Exit code: 0

N:
W: rust-prio-0.16 source: missing-debian-watch-file-standard [debian/watch]
N: 
N:   The debian/watch file in this package doesn't start with a version= or
N:   Version: line. The first non-comment line of debian/watch should be a
N:   version= or Version: declaration. This may mean that this is an old
N:   version one watch file that should be updated to the current version.
N: 
N:   Please refer to the uscan(1) manual page for details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: debian/watch/standard
N:   Renamed from: debian-watch-file-missing-version
N: 
N:
W: rust-prio-0.16 source: missing-field-in-dep5-copyright License [debian/copyright:73]
N: 
N:   The paragraph in the machine readable copyright file is missing a field
N:   that is required by the specification.
N: 
N:   Please refer to
N:   https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ for
N:   details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: debian/copyright/dep5
N: 
N:
W: rust-prio-0.16 source: superfluous-file-pattern src/dp/rand_bigint.rs [debian/copyright:21]
N: 
N:   The wildcard that was specified matches no file in the source tree. This
N:   either indicates that you should fix the wildcard so that it matches the
N:   intended file or that you can remove the wildcard. Notice that in contrast
N:   to shell globs, the "*" (star or asterisk) matches slashes and leading
N:   dots.
N: 
N:   Please refer to
N:   https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ for
N:   details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: debian/copyright/dep5
N: 
N:
N: License is in Reference field (see bug#786450)
O: rust-prio-0.16 source: missing-license-paragraph-in-dep5-copyright apache-2.0 [debian/copyright:63]
N: 
N:   The Files paragraph in the machine readable copyright file references a
N:   license for which no stand-alone License paragraph exists.
N:   
N:   Sometimes this tag appears because of incorrect ordering. Stand-alone
N:   License paragraphs must appear *after* all Files paragraphs.
N: 
N:   Please refer to
N:   https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ and
N:   Bug#959067 for details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: debian/copyright/dep5
N: 
N:
N: License is in Reference field (see bug#786450)
O: rust-prio-0.16 source: missing-license-paragraph-in-dep5-copyright gpl-3+ [debian/copyright:53]
N:
N: License is in Reference field (see bug#786450)
O: rust-prio-0.16 source: missing-license-paragraph-in-dep5-copyright mpl-2.0 [debian/copyright:63]
N:
O: rust-prio-0.16 source: missing-license-text-in-dep5-copyright Apache-2.0 and MPL-2.0 [debian/copyright:78]
N: 
N:   The standalone “License” paragraph contains only short license name, but
N:   not the license text.
N: 
N:   Please refer to
N:   https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ for
N:   details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: debian/copyright/dep5
N: 
N:
O: rust-prio-0.16 source: missing-license-text-in-dep5-copyright GPL-3+ [debian/copyright:80]
N:
O: rust-prio-0.16 source: missing-license-text-in-dep5-copyright MPL-2.0 [debian/copyright:83]

Back to Dashboard | View all reviews for this package