Package: repo Version: 1.12.37-1 Severity: serious Justification: Policy 2.2
From the package description: > repo is an unusual tool because it downloads all of its own Python > modules using GPG-signed git tags, and stores those files as part of > the project that it is working with. So this package just provides > the wrapper script, which provides the GPG signing keys for verifying > that the correct Python code was downloaded. Debian Policy § 2.2.1 says: > [...] must not require or recommend a package outside of _main_ for > compilation or execution Debian Policy § 2.2.2 says: > The _contrib_ archive area contains supplemental packages intended to > work with the Debian distribution, but which require software outside > of the distribution to either build or function. I can only read this as repo (in its current form) belongs in contrib, not main. - Jonas

