Bug#1053565: RFS: openvpn3-client/20+dfsg-1 [ITP] -- virtual private network daemon (version 3)
> The issue and ITP talks about there being two packages, a library part
> and the client part. Has this changed (I cannot find the library part.)
I did start out to have different packages (client, library, dev); but
after discussing with upstream, I decided to mirror the upstream
(tarball) release since they release their client as a single tarball
and there is no other software that uses the library. For the moment,
I would have to use the git tarballs from github instead of what they
release as a tested client (integrated tarball of client and library).
I thought it would be best to follow the upstream lead on this.
> - changelog for an initial release should be only the first line, (as there
> are no changes to the debian package on the initial upload)
ack
> - you are creating an user. [1]
> - As per Debian polic 9.3, the username shouldbe an invalid user and start with an "_"
> - If I am not mistaken, you can use tmpfiles.d to specify the
> directory /var/lib/openvpn to be owned by openvpn:openvpn, so that
> snipped in postinst might not be needed. (please verify)
I followed the user name lead on this one, but I'll adjust to match
the policy. Thanks.
> [1] https://wiki.debian.org/AccountHandlingInMaintainerScripts
> - unicode-impl.hpp
> I'm not convinced that this (license) issue is a non-issue. It might be
> solved in later versions of the file, but the version in the tarball
> does not allow modification.
> As you are anyway dfsg repacking (at least the version indicates this,
> see also below), hows' about removing the file and then reintroducing a
> fine one with a patch?
This is a difficult one (at least to me). I started investigating this
and asking around on #debian-mentors. Therre it was concluded that it
was a false positive. But since the licence seems to have changed for
this file (the different copies included in Debian indicate this), I
can do that, solves your concern.
The DFSG was needed because the library used a random binary for
testing without sources (some sparc binary iirc).
> - files installed in /usr/include
> --> you want a -dev package.
I'll re-investigate this: since this client is standalone at the
moment (cf supra); it should not install any header at all.
> - d/copyright
> - is not DEP-5 format.
> - There is no indication why it is dfsg, and there id no
> Files-Exluded section.. so are you repacking at all?
The re-packaging was documented in debian/README.source
> - For praticality reasons, it is recommended to keep the license of
> the debian the same as upstream. Otherwise, package upstreaming
> might get more difficult than needed. (GPL2 is anyway incompatibel
> with Affero GPL 3; your "or later" safes the day.)
> - There is license text for the Gnu Affero General Public License 3,
> and it should be probably "AGPL-3" abbreviated.
> - Note: I did not do a license review of the source files.
Inspired by the openvpn team, I'll review.
> - lintian overrides
> - you need to comment the overrides WHY you overrode them.
ack
> - postinst
> - remove the useless comment about utf-8, or let me know what you want
> to say with it.
my bad
> - the python part - I think this should be in a dedicated python module package?
>
> - S-V could be updated.
>
> - There is no watch file.
This is in discussion with upstream to have a standard download
location that can be scanned. At the moment, the download location
does not allow indexing.
> - The package is in a team namespace on salsa, but d/control does not
> indicate that it is team maintained.
As the ITP mentioned, part of the work was company sponsored, hence
the (default) teamspace. But since I seem to be the only one working
on it, I'll move it to a personal space.
> As usual, remove moreinfo when you are done updating your package.
ack
--
g. Marc
GPG: 827C FD74 BA46 8152 A041 F3A0 7A6A 4F17 5995 A65B
Reply to: