Re: Re: RFS: uhub (closes ITP bug)

To: algernon@balabit.hu
Cc: debian-mentors@lists.debian.org
Subject: Re: Re: RFS: uhub (closes ITP bug)
From: Boris Pek <tehnick-8@mail.ru>
Date: Fri, 07 Oct 2011 00:54:06 +0400
Message-id: <E1RBuxC-0006Sc-00.tehnick-8-mail-ru@f50.mail.ru>
Reply-to: Boris Pek <tehnick-8@mail.ru>

> Didn't have time for a through review yet, but a couple of things I'd
> like to comment on:

Thanks a lot for your remarks. I fixed some of them.


>* debian/copyright appears to be a mix between free-form and DEP-5. I
>  would recommend using either, but not a mix between the two, as that
>  looks just awkward.

I have not aimed to support DEP5. Such form of writing just seems more human
readable for me. Maybe I will update copyright file according the DEP-5 spec later.

>  It would also be nice if you'd describe how exactly the .orig.tar.bz2
>  is generated: is it downloaded from the specified location as-is? Is
>  it repackaged in one way or the other? (I suppose so, the debian/ dir
>  is not present in the .orig.tar.gz)

All necessary information available in debian/copyright file:
https://github.com/tehnick/uhub-debian/blob/master/debian/copyright#L7

The GitHub has no possibility to make bzip tarballs from git tags
automatically. So only zip archive and gzip tarballs are available there.

debian/ dir in upstream was made by program developer. It has no relation to me
and it don't conform to Debian Policy.

So .orig.tar.bz2 formed in such way:
https://github.com/tehnick/deb_packages/blob/master/Debian/uhub/automatic_update_uhub#L77 

>* debian/uhub.docs
>
>  AUTHORS is already documented in the copyright file, BUGS is - in my
>  opinion - not useful in a Debian package, TODO is an empty file, and
>  README does not contain all that much information, either.
>
>  debian/doc/getstarted.txt also contains a lot of useless information,
>  stuff that's not relevant for users of the Debian binary package.
>
>  Not having a clue about what uhub is, though, there might be things in
>  it that users DO need, so this is the only file I'd leave in
>  debian/uhub.docs. And add the WiKi link from README to it.

Updated. Thanks.

>* debian/uhub.postrm, debian/uhub.prerm
>
>  These files can be safely removed, as they only includes a #DEBHELPER#
>  tag.

Deleted. Thanks.

>* debian/uhub.postinst
>
>  The postinst unconditionally chmods /var/log/uhub to 750 on every
>  upgrade.

This is important security issue. I think this logs shouldn't be available
for reading by others.

>  I would suggestshipping the directory in the deb with that
>  permission already, and drop the postinst.

This is bad idea:
W: uhub: non-standard-dir-perm var/log/uhub/ 0750 != 0755
N: 
N:    The directory has a mode different from 0755, and it's not one of the
N:    known exceptions.
N:    
N:    Refer to Debian Policy Manual section 10.9 (Permissions and owners) for
N:    details.
N:    
N:    Severity: normal, Certainty: possible
N:    
N:    Check: files, Type: binary, udeb

>* debian/rules
>
>  Please do NOT set SILENT=YES! We do want to see the exact commandline,
>  together with command-line options and whatnot, so that any possible
>  build failiures or miscompilations can be tracked easier.

Yes, this was my fault. Fixed.

>* Other notes
>
>  Since uhub seems to have the option of being compiled with SSL
>  support, it might be a good idea to enable that, perhaps?

In this stable release SSL support is very experimental on my opinion.
But in current developing version it is quite good. So I will enable this
option in the next stable release.

Reply to:

Follow-Ups:
- Re: RFS: uhub (closes ITP bug)
  - From: Gergely Nagy <algernon@madhouse-project.org>

Prev by Date: Re: RFS: roxterm (updated package)
Next by Date: Re: RFS: uhub (closes ITP bug)
Previous by thread: Re: RFS: manaplus
Next by thread: Re: RFS: uhub (closes ITP bug)
Index(es):
- Date
- Thread