Re: RFS: jarifa
2010/12/9 Daniel Lombraña González <firstname.lastname@example.org>:
> I am looking for a sponsor for my package "jarifa".
A review of the source package:
Your upstream version should be 1.0~rc8 since that sorts before 1.0
and rc usually means release candidate.
debian/patches/debian-changes-1.0-rc8-1 looks like it can be removed
or applied upstream.
Please add a debian/watch file (see uscan manual page for details).
You might want to wrap the Depends line in debian/control since it is
very long. I like to split the line after every comma.
Can jarifa not connect to a MySQL server over the network? If so you
might want to demote mysql-server to recommends.
README.source looks like it belongs in the upstream README since it is
not Debian specific.
You add a symlink to ttf-dejavu fonts but do not depend on it. At the
very least I would say you need a Recommend.
Please switch jarifa to a randomly generated password instead of a
static easily guessable one when the user does not set a password.
www-data is defined in base-passwd so I think you can set permissions
on /usr/share/jarifa/img/stats at build time instead of in
Why does your prerm remove files from /usr? I think maybe your
software should use /var/lib/jarifa instead for runtime-created data.
I would replace your debian/rules file with
/usr/share/doc/debhelper/examples/rules.tiny and add "conf/jarifa.sql
libchart-1.2 is an embedded code copy (with its own embedded font
copy), please remove it from the tarball and package it separately.
db_conn.inc is similar, but I'm wondering why I don't see that in the
boinc package in Debian.
These files look like they were created in Inkscape/GIMP but I don't
see any SVG/XCF source for them: computer.png cpus.png credit.png
I wonder what the license/source for vcss.png is, since it looks like
an image from the W3C. Same for agplv3.png since it is an FSF image.
Why is there a lang/es_ES.utf8/LC_MESSAGES/messages.mo but no
Have you had the PHP code audited for vulnerabilities or run any
automated exploit finding tools against jarifa? Examples of such tools
available in Debian include w3af wapiti sqlmap rats. owasp.org is a
good place to go to learn about web application security.
Your jarifa.apache.conf forces jarifa to be available at /jarifa on
all apache vhosts. As a sysadmin I would expect to be either asked
what vhost, URL path to configure jarifa at or expect me to configure
it manually based on an example config.
I: jarifa source: no-complete-debconf-translation
I: jarifa source: debian-watch-file-is-missing
- RFS: jarifa
- From: Daniel Lombraña González <email@example.com>