Re: RFS: jarifa
Thanks for the comments. I will try to address all your points, and fix them!!!
On Sun, Dec 12, 2010 at 17:58, Paul Wise <email@example.com> wrote:
> 2010/12/9 Daniel Lombraña González <firstname.lastname@example.org>:
>> I am looking for a sponsor for my package "jarifa".
> A review of the source package:
> Your upstream version should be 1.0~rc8 since that sorts before 1.0
> and rc usually means release candidate.
> debian/patches/debian-changes-1.0-rc8-1 looks like it can be removed
> or applied upstream.
> Please add a debian/watch file (see uscan manual page for details).
> You might want to wrap the Depends line in debian/control since it is
> very long. I like to split the line after every comma.
> Can jarifa not connect to a MySQL server over the network? If so you
> might want to demote mysql-server to recommends.
> README.source looks like it belongs in the upstream README since it is
> not Debian specific.
> You add a symlink to ttf-dejavu fonts but do not depend on it. At the
> very least I would say you need a Recommend.
> Please switch jarifa to a randomly generated password instead of a
> static easily guessable one when the user does not set a password.
> www-data is defined in base-passwd so I think you can set permissions
> on /usr/share/jarifa/img/stats at build time instead of in
> Why does your prerm remove files from /usr? I think maybe your
> software should use /var/lib/jarifa instead for runtime-created data.
> I would replace your debian/rules file with
> /usr/share/doc/debhelper/examples/rules.tiny and add "conf/jarifa.sql
> usr/share/dbconfig-common/data/jarifa/install/mysql" to
> libchart-1.2 is an embedded code copy (with its own embedded font
> copy), please remove it from the tarball and package it separately.
> db_conn.inc is similar, but I'm wondering why I don't see that in the
> boinc package in Debian.
> These files look like they were created in Inkscape/GIMP but I don't
> see any SVG/XCF source for them: computer.png cpus.png credit.png
> supplier.png volunteer.png.
> I wonder what the license/source for vcss.png is, since it looks like
> an image from the W3C. Same for agplv3.png since it is an FSF image.
> Why is there a lang/es_ES.utf8/LC_MESSAGES/messages.mo but no
> Have you had the PHP code audited for vulnerabilities or run any
> automated exploit finding tools against jarifa? Examples of such tools
> available in Debian include w3af, wapiti, sqlmap and rats. owasp.org is a
> good place to go to learn about web application security.
> Your jarifa.apache.conf forces jarifa to be available at /jarifa on
> all apache vhosts. As a sysadmin I would expect either to be asked
> at which vhost and URL path to configure jarifa, or to configure
> it manually based on an example config.
> lintian complaints:
> I: jarifa source: no-complete-debconf-translation
> I: jarifa source: debian-watch-file-is-missing
Please do NOT use proprietary file formats, such as DOC and XLS, for
exchanging documents; use HTML, RTF, TXT, CSV or any other format
that does not force the use of a program from a specific vendor
to process the information it contains.