Review: thorvg 1.0.1+dfsg-1
New Package Report
.changes
| Changed-By | Jongmin Kim |
|---|---|
| Architecture | source amd64 |
| Distribution | unstable |
| Date | Thu, 19 Feb 2026 04:03:34 +0900 |
| Source | thorvg |
| Version | 1.0.1+dfsg-1 |
Changelog
thorvg (1.0.1+dfsg-1) unstable; urgency=medium . [ Hermet Park, Jongmin Kim ] * Initial release. (Closes: #990217)
.dsc
| Priority | optional |
|---|---|
| Component | main |
| Package-List | libthorvg-dev deb libdevel optional arch=any libthorvg1 deb libs optional arch=any |
| Section | libdevel |
debian/copyright
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: ThorVG
Upstream-Contact: ThorVG Team <thorvg@thorvg.org>
Source: https://github.com/thorvg/thorvg
Files-Excluded: test/*
Files: *
Copyright: 2020-2026 ThorVG Project
License: Expat
Files: debian/*
Copyright: 2026 Hermet Park <hermetpark@gmail.com>
2026 Jongmin Kim <jmkim@debian.org>
License: Expat
Comment: This package is licensed under the same terms as upstream
License: Expat
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Review Information
rejected — allocated to awm 17 days ago, started 17 days ago, completed 17 days ago.
Final Comment
There seem to be a number of issues:
- Several copyright holders are not mentioned in debian/copyright.
- Various files - particularly under src/loaders - are licensed differently
There is also a lintian warning that seems worth fixing. and a deprecated
field in the upstream metadata.
See the review notes for full details.
Thanks!
Public Notes
17 days ago
● public
Search for authors
Command: ag -i 'copyright .* (by|rights|reserved)[. ]' | sed -e 's/^.*Copyright //i' -e 's/\(20\|19\)[0-9][0-9][, -]*//g' -e 's/[., ]*ALL RIGHTS RESERVED.*$//i' | sort -i | uniq -i
Exit code: 0
(C) by David Turner,
(c) Samsung Electronics Co., Ltd
(c) the ThorVG project
(C) THL A29 Limited, a Tencent company, and Milo Yip->
(c) ThorVG project
Google Inc
17 days ago
● public
Lintian
Command: lintian -Iiv -L '>=warning' --show-overrides --color=never ../$(basename $PWD)_*.changes
Exit code: 0
N:
N: Upstream decided to include the major SOVERSION in the library name (as
N: SONAME-maj) resulting in a SONAME like libthorvg-1.so.1.
N: https://github.com/thorvg/thorvg/commit/63512e1560c8b574ce01c6e14b34137634410b10
N: https://github.com/thorvg/thorvg/commit/eba7bbacbd541a7f5558f312de4e23da9200a59e
N: Naming the Debian package libthorvg-1-1 would duplicate the major
N: SOVERSION in the package name, so we keep libthorvg1 instead.
O: libthorvg1: package-name-doesnt-match-sonames libthorvg-1-1
N:
N: The package name of a library package should usually reflect the soname of
N: the included library. The package name can determined from the library
N: file name with the following code snippet:
N:
N: $ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/^[[:space:]]*SONAME[[:space:]]*//p' | \
N: sed -r -e's/([0-9])\.so\./\1-/; s/\.so(\.|$)//; y/_/-/; s/(.*)/\L&/'
N:
N: Visibility: warning
N: Show-Always: no
N: Check: libraries/shared/soname
N:
17 days ago
● public
Licenserecon
Command: lrc -s
Exit code: 3
en: Versions: licenserecon '12.0' licensecheck '3.3.9-1'
Parsing Source Tree ....
Reading d/copyright ....
Running licensecheck ....
d/copyright | licensecheck
Expat | CC-BY-4.0 CODE_OF_CONDUCT.md
Expat | Apache-2.0 src/loaders/lottie/jerryscript/jerry-core/api/jerryscript.cpp
Expat | Apache-2.0 and/or Expat src/loaders/lottie/jerryscript/jerry-core/ecma/base/ecma-helpers-errol.cpp
Expat | Apache-2.0 src/loaders/lottie/jerryscript/jerry-core/ecma/base/ecma-helpers-external-pointers.cpp
Expat | BSD-3-clause src/loaders/lottie/rapidjson/msinttypes/inttypes.h
Expat | Expat and/or MPL-2.0 src/loaders/lottie/tvgLottieInterpolator.cpp
Expat | Expat and/or Zlib src/loaders/png/tvgLodePng.cpp
Expat | Expat and/or FTL src/renderer/sw_engine/tvgSwRle.cpp
Expat | Zlib tools/svg2png/lodepng.cpp
Short option in use. Not all differences shown
17 days ago
● public
CME fix
Command: cme fix --verbose dpkg
Exit code: 255
Reading package lists... 0%
Reading package lists... 100%
Reading package lists... Done
Building dependency tree... 0%
Building dependency tree... 0%
Building dependency tree... 50%
Building dependency tree... 50%
Building dependency tree... Done
Reading state information... 0%
Reading state information... 0%
Reading state information... Done
cme: running fix on dpkg configuration...
Connecting to api.ftp-master.debian.org to check 1 package versions. Please wait...
Got info from api.ftp-master.debian.org for 1 packages.
Element 'Contact' of node 'upstream-metadata' is deprecated
Configuration path 'upstream-metadata': unknown element 'Name'. Either your file has an error or Dpkg::Upstream::Metadata model is lagging behind. In the latter case, please submit a bug report using 'reportbug libconfig-model-dpkg-perl'. See cme man page for details.
Expected elements: 'Archive','ASCL-Id','Bug-Database','Bug-Submit','Cite-As','Changelog','CPE','Documentation','Donation','FAQ','Funding','Gallery','Other-References','Reference','Registration','Registry','Repository','Repository-Browse','Screenshots','Security-Contact','Webservice'