Re: dbconfig-common; repacking source
On Fri, Dec 9, 2011 at 1:30 AM, Christian Welzel wrote:
> currently i try to get my typo3 packages into shape, so the
> new version gets accepted by ftp-masters.
Here is a review of the package you uploaded to mentors.d.n recently:
Why does the source and one binary package name include a version number?
This sentence in one of the README.Debian files doesn't make sense to me:
"For more details to typo3-dummy look there."
You may want to run wrap-and-sort -s
The Homepage field belongs in the source section of debian/control,
not duplicated in all the binary sections.
ttf-dejavu has been split up into ttf-dejavu-core and
ttf-dejavu-extra, do you need them both? If not please update the
The Vcs-Browser URL is 404.
Please add a Vcs-Svn field.
The blank lines and comments in debian/watch are not needed, remove them.
Please add comments to your lintian overrides file indicating why you
are overriding each tag.
debian/compat is quite old, I would suggest using debhelper compat 7 or later.
I wonder if adding a localconf.d directory and dropping a file in
there is a better way of providing Debian-specific configs.
Please work on getting your patches upstreamed.
I'm not sure that 01-fontsreadme.patch is appropriate.
03-dummy-addindexpages.patch looks misguided, shouldn't your
configuration examples and or generator simply turn off apache
directory listing? I suppose it is useful as a last resort though. I
don't it is a good idea to redirect to / though, the site might be
installed at a different path in the domain name than /. I would
instead suggest to put a message saying directory listing is not
I am horrified that PHP exec() appears to take only a string instead
of an array. I suggest you run away screaming. This comment brought to
you by 06-fix-im-command.patch. After a bit more reading I found
pcntl_exec, which seems to do the right thing. Please convince your
upstream to switch to pcntl_exec and friends.
debian/typo3-src-4.6.examples can be deleted or the contents uncommented.
Have you looked at wwwconfig-common?
The package unilaterally takes over /cms on any non-typo3 domains also
hosted by the machine. This is bad if some user is using another CMS
at that URL.
Having a default password is a bad idea.
There are quite a lot of duplicated files in the source package, you
might like to inform upstream about that.
rats finds a lot of potential vulnerabilities.
There are a metric buttload of embedded code copies still:
typo3/contrib/pear/* various projects
various parts of typo3/sysext
At this point I stopped reviewing the package because of all the
embedded code copies.