Re: Re: RFS: uhub (closes ITP bug)
> Didn't have time for a through review yet, but a couple of things I'd
> like to comment on:
Thanks a lot for your remarks. I fixed some of them.
>* debian/copyright appears to be a mix between free-form and DEP-5. I
> would recommend using either, but not a mix between the two, as that
> looks just awkward.
I have not aimed to support DEP5. Such form of writing just seems more human
readable for me. Maybe I will update copyright file according the DEP-5 spec later.
> It would also be nice if you'd describe how exactly the .orig.tar.bz2
> is generated: is it downloaded from the specified location as-is? Is
> it repackaged in one way or the other? (I suppose so, the debian/ dir
> is not present in the .orig.tar.gz)
All necessary information available in debian/copyright file:
https://github.com/tehnick/uhub-debian/blob/master/debian/copyright#L7
The GitHub has no possibility to make bzip tarballs from git tags
automatically. So only zip archive and gzip tarballs are available there.
debian/ dir in upstream was made by program developer. It has no relation to me
and it don't conform to Debian Policy.
So .orig.tar.bz2 formed in such way:
https://github.com/tehnick/deb_packages/blob/master/Debian/uhub/automatic_update_uhub#L77
>* debian/uhub.docs
>
> AUTHORS is already documented in the copyright file, BUGS is - in my
> opinion - not useful in a Debian package, TODO is an empty file, and
> README does not contain all that much information, either.
>
> debian/doc/getstarted.txt also contains a lot of useless information,
> stuff that's not relevant for users of the Debian binary package.
>
> Not having a clue about what uhub is, though, there might be things in
> it that users DO need, so this is the only file I'd leave in
> debian/uhub.docs. And add the WiKi link from README to it.
Updated. Thanks.
>* debian/uhub.postrm, debian/uhub.prerm
>
> These files can be safely removed, as they only includes a #DEBHELPER#
> tag.
Deleted. Thanks.
>* debian/uhub.postinst
>
> The postinst unconditionally chmods /var/log/uhub to 750 on every
> upgrade.
This is important security issue. I think this logs shouldn't be available
for reading by others.
> I would suggestshipping the directory in the deb with that
> permission already, and drop the postinst.
This is bad idea:
W: uhub: non-standard-dir-perm var/log/uhub/ 0750 != 0755
N:
N: The directory has a mode different from 0755, and it's not one of the
N: known exceptions.
N:
N: Refer to Debian Policy Manual section 10.9 (Permissions and owners) for
N: details.
N:
N: Severity: normal, Certainty: possible
N:
N: Check: files, Type: binary, udeb
>* debian/rules
>
> Please do NOT set SILENT=YES! We do want to see the exact commandline,
> together with command-line options and whatnot, so that any possible
> build failiures or miscompilations can be tracked easier.
Yes, this was my fault. Fixed.
>* Other notes
>
> Since uhub seems to have the option of being compiled with SSL
> support, it might be a good idea to enable that, perhaps?
In this stable release SSL support is very experimental on my opinion.
But in current developing version it is quite good. So I will enable this
option in the next stable release.
Reply to: