Bug#710989: RFS: plover/2.2.0-4 ITP

To: Thomas Thurman <thomas@thurman.org.uk>, 710989@bugs.debian.org
Subject: Bug#710989: RFS: plover/2.2.0-4 ITP
From: Paul Wise <pabs@debian.org>
Date: Tue, 4 Jun 2013 09:48:09 +0800
Message-id: <[🔎] CAKTje6FwDE6iTkwktDyecu5S-p8GLZwhfObrp1PFR0xkY2nhkQ@mail.gmail.com>
Reply-to: Paul Wise <pabs@debian.org>, 710989@bugs.debian.org
In-reply-to: <[🔎] 20130603212651.GT31312@chiark.greenend.org.uk>
References: <[🔎] 20130603212651.GT31312@chiark.greenend.org.uk>

On Tue, Jun 4, 2013 at 5:26 AM, Thomas Thurman wrote:

> I am looking for a sponsor for my package "plover".

As promised, here is a review...

There are some that I require to be fixed before I would upload this to Debian:

There is a security issue (DoS attack); on multi-user systems, any
user can prevent other users from running the program. I'm not sure
but there may also be a symlink attack. Anyway, please ask upstream
switch to using this for the location of the lock file:

os.path.expanduser('~/.plover.lock')

I am unable to find where the tarball you have uploaded came from. The
URL in debian/copyright has a different md5sum and the watch file
doesn't work. The tarball must match an upstream released tarball.

The debian/copyright file is incomplete, plover/machine/txbolt.py is
copyright by Hesky Fisher. The Debian ftp-team will not accept this
package:

http://ftp-master.debian.org/REJECT-FAQ.html

In addition to these issues, there are some other things that would be
nice to fix at some point:

Please get the patch and manual page included upstream. If they are
already forwarded upstream please add a comment to the manual page and
a DEP-3 header to the patch.

http://www.debian.org/social_contract
http://dep.debian.net/deps/dep3/

The comment in the debian/rules file is not needed, please remove it.

--buildsystem=python_distutils should not be needed in debian/rules,
dh should detect the build system automatically.

The watch file doesn't work, please fix it, probably by switching to
the pypi location. You can test it by running uscan --verbose. Tips
here:

http://wiki.debian.org/debian/watch

You may want to run wrap-and-sort -sa to make diffs of debian/control
and other files more readable in future.

I would suggest removing the last paragraph from the package
description. The implementation language and the license are
irrelevant to users. Implementation language can be indicated via
debtags once the package is in Debian. The license info is in
debian/copyright. The pronunciation of the program's name isn't
something that is useful either.

http://debtags.debian.net/

I would suggest that 'python' is not the correct section. Either
'misc' or 'utils' would be appropriate.

The upstream setup.py hard-codes /usr for the location of the image
and freedesktop menufile. This means that it will try to write to /usr
even when the user specified --prefix ~/opt.

The upstream README.txt file includes installation information that
isn't useful to users of the Debian binary packages. I would suggest
that install info should be split out into INSTALL.txt or
README.install or similar.

The URLs in PKG-INFO, plover/__init__.py are different to the ones in
debian/ and they all redirect to another page entirely. I'd suggest
sorting this out with upstream.

debian/plover.manpages, debian/rules debian/watch do not need the
extra blank lines.

Automatic tests:

http://wiki.debian.org/HowToPackageForDebian#Check_points_for_any_package

lintian:

P: plover: no-upstream-changelog
I: plover: desktop-entry-lacks-keywords-entry
usr/share/applications/Plover.desktop

lintian4py:

i: plover source: python-stdeb-boilerplate debian/rules:3 "This file
was automatically generated by stdeb 0.6.0+git"
x: plover: except-without-exception-type
usr/share/pyshared/plover/gui/serial_config.py:282
p: plover: pyflakes-unused-import usr/share/pyshared/plover/config.py:9: logging
e: plover: pyflakes-undefined-name
usr/share/pyshared/plover/dictionary/check_encoding.py:3: parser
e: plover: pyflakes-undefined-name
usr/share/pyshared/plover/dictionary/check_encoding.py:7: sys
p: plover: pyflakes-unused-variable
usr/share/pyshared/plover/dictionary/check_encoding.py:7:
dict_filename
p: plover: pyflakes-unused-import
usr/share/pyshared/plover/gui/config.py:12: dictionary
i: plover: pyflakes-redefined-while-unused
usr/share/pyshared/plover/keyboardcontrol.py:114: event line 31
p: plover: pyflakes-unused-variable
usr/share/pyshared/plover/keyboardcontrol.py:390: keycode_events
e: plover: pyflakes-undefined-name
usr/share/pyshared/plover/machine/geminipr.py:50: serial_port

pyflakes:

./plover/keyboardcontrol.py:114: redefinition of unused 'event' from line 31
./plover/keyboardcontrol.py:390: local variable 'keycode_events' is
assigned to but never used
./plover/config.py:9: 'logging' imported but unused
./plover/gui/config.py:12: 'dictionary' imported but unused
./plover/dictionary/check_encoding.py:3: undefined name 'parser'
./plover/dictionary/check_encoding.py:7: undefined name 'sys'
./plover/dictionary/check_encoding.py:7: local variable
'dict_filename' is assigned to but never used
./plover/machine/geminipr.py:50: undefined name 'serial_port'

pep8:

lots of warnings

desktop-file-validate:

./application/Plover.desktop: error: value "2.2.0" for key "Version"
in group "Desktop Entry" is not a known version

isutf8:

./plover/assets/dict.json: line 91455, char 1, byte offset 11: invalid
UTF-8 code

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Bug#710989: RFS: plover/2.2.0-4 ITP
  - From: Jakub Wilk <jwilk@debian.org>

References:
- Bug#710989: RFS: plover/2.2.0-4 ITP
  - From: Thomas Thurman <thomas@thurman.org.uk>

Prev by Date: Re: advice about compile a package
Next by Date: Re: svn revs as version number
Previous by thread: Bug#710989: RFS: plover/2.2.0-4 ITP
Next by thread: Bug#710989: RFS: plover/2.2.0-4 ITP
Index(es):
- Date
- Thread