Re: RFS: otpw -- A One-time Password System
Le mercredi 14 mars 2007 17:47, Matthew Johnson a écrit :
> > * libotpw-dev: Is it mandatory that you ship only a static library ?
> This is consistent with libopie-dev. Upstream doesn't produce a dynamic
> library but merely recommends compiling with the .o files directly.
> > * You call dh_installman but in fact you install manuals yourself.. You
> > better simply use it..
> I've removed the call to installman for the moment, the man pages need
> to go in separate packages so it's easier to list them in the .install
> files and use dh_install
Nope, there is a way to do this, simply using package.manpages.
The same goes for any other dh_*...
> > * They are still dh_* calls that are not used. You may use them, or
> > comment or simply remove them. I can think of dh_link and dh_installdocs
> > for instance.
> dh_installdocs installs the Debian changelog and copyright files, and
> now the README and the html docs.
> > * debian/watch is not precise enought, it gives the result here:
> > -- Found the following matching hrefs:
> > otpw-1.3.tar.gz
> > otpw-snapshot.tar.gz
> > Newest version on remote site is snapshot, local version is 1.3
> > You may constrain it to digit only releases for instance..
> I've not used watch files before. I'm using the regex [\.0-9]* now.
> > * IMPORTANT: Licence is stated only in the html document... You may ask
> > upstream to include at least a LICENCE or COPYING file, and better add
> > the licence to each headers in code files...
> This is all upstream provides, I see no reason that it is not a valid
> licence declaration. The licence is clear in the package as it has been
> added to debian/copyright.
Nope at all.
Licence is a very important thing for an official upload. You are indeed right
that it is enought apriori, but copyright and licence has to be enforced.
You may read at this place:
"Be sure that you correctly document the license of the package. We often find
packages having a GPL COPYING file in the source, but if one goes and looks
at every file there are a few here and there having different licenses in
them, sometimes as bad as You aren't allowed to do anything with this file,
and if you do we will send our lawyers to you. Of course it's hard to check a
tarball with thousands of files (think about X, KDE, Kernel or similar big
packages), but most of the tarballs aren't that big. Also not-nice is a
package, itself being GPL, having documentation licensed with a non-free
license, like the CC licenses. Makes the original tarball non-free, this is
one of the cases where you need to repackage it (look in the archive for
examples, mostly having .dfsg. in their tarballs name)."
In other words, even though upstream claims some global licence for the entire
project, some files may have a different headers.. And under the assumption
that no licence is *not* a free licence the individual licence for each
source file could be different.
Again, it may be the case that the package is truly under the GPL file by
file, but I would not upload anything until you have done something, which
can be either to contact upstream and ask if individual files are under the
same copyright, propose him to add copyright to each file, and, better, patch
to add this after he may have answered it is the case.
Sorry but it is a must here.
> > * This html doc is not included, you could include it by creating a
> > debian/docs with its name inside.. It would then be a solution for using
> > dh_installdocs ;)
> Actually, it's installed in the -dev package. Given that it contains the
> licence information I've included it in the docs file so it should be
> installed on all of them.
Sorry I had not seen it
> > * Same remark for README
> Good remark, this should now be in there.
> > * Maybe more remarks, but enought for today ;)
> > Appart from that the package seems in a good shape, I may upload it later
> > when we'll have discussed above corrections and others I may see later..
> Thanks again. I've updated the packages at
> http://mjj29.matthew.ath.cx/debian-upload/otpw/ to reflect your
I'll look at this later on, but I'll like to hear from you on manpages and
licence issue before any other review
> > Again, I for myself recommend cdbs for simple packages since you are then
> > sure not to forgot any dh_* call (yes, I know you may call uneeded ones
> > but...) and reduce your rule only to the relevant parts... But this is of
> > course not an official guideline, just *my* advice that others sponsors
> > may not tell.
> I haven't used cdbs yet and from looking at packages with RC bugs
> which use it I've been very put off by the difficulty of diagnosing
> problems. Debhelper I find much clearer.
As you like :)
Blessed is the man that walketh not in the counsel of the ungodly,
nor standeth in the way of sinners,
nor sitteth in the seat of the scornful.
- Psalm 1:1