Package: asterisk
Version: 1:11.5.1~dfsg-2
Severity: serious

I was surprised and initially happy to see Asterisk 11 uploaded into sid. My happiness quickly diminished when I saw that the upload contains the embedded pjproject as-is, despite this issue having been flagged for months now and being the sole blocker for an upload since the release of Asterisk 11 eleven months ago.

There are several policy violations here:
- Contains a convenience copy of pjproject under res/pjproject (§4.13)
- pjproject itself contains convenience copies of several libraries under res/pjproject/third_party/, some of which are already packaged in Debian (§4.13)
- All of the above are completely undocumented in d/copyright (§12.5)
- Not only are they undocumented, but it looks like no audit has happened on them whatsoever. From a very cursory look, at least res/pjproject/third_party/milenage/ & res/pjproject/third_party/g7221/ seem to completely lack license information other than the occasional "All right reserved", which makes them undistributable by Debian or anyone else. (§2.3)

I'm baffled on how a DD could ever upload this into the archive, esp. since these issues were widely known and discussed beforehand.

Please refrain from making such uploads in the future, as it's both a disgrace to Debian's standards and a legal risk.

Regards,
Faidon