[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#726533: RFS: 0install/2.3.3-2 [ITP] -- rename and split zeroinstall-injector package

On 9 February 2014 09:27, Vincent Cheng <vcheng@debian.org> wrote:
> On Sat, Feb 8, 2014 at 6:33 AM, Thomas Leonard <talex5@gmail.com> wrote:
>> On 7 February 2014 22:18, Vincent Cheng <vcheng@debian.org> wrote:
>>> On Fri, Feb 7, 2014 at 4:02 AM, Thomas Leonard <talex5@gmail.com> wrote:
>>>> Hi Vincent,
>>>>
>>>> Many thanks for uploading this. However, the package has been stuck in
>>>> NEW for the last few weeks. I'm not sure what the problem is, but
>>>> possibly it's because the 0install package didn't contain any files
>>>> (it was just a meta-package for pulling in the GUI dependencies),
>>>> which someone mentioned might be a problem.
>>>>
>>>> I've uploaded a new version now which puts the GUI plugin files in the
>>>> "0install" package while leaving the rest in "0install-core":
>>>>
>>>>   https://mentors.debian.net/package/zeroinstall-injector
>>>>
>>>> Any chance you could upload that version to (hopefully) unstick the process?
>>>
>>> Your updated package FTBFS in a clean sid pbuilder chroot; it looks
>>> like you might need to add unzip to build-depends? I've attached the
>>> build log.
>>
>> Oops. Sorry about that.
>>
>> I've uploaded a new version that now builds correctly under pbuilder.
>>
>> http://mentors.debian.net/package/zeroinstall-injector
>
> Built, signed, and uploaded, thanks!
>
> Some (somewhat pedantic) nitpicks for future uploads:
>
> - please be more verbose in d/changelog; e.g. mention that you've
> added a bunch of new build dependencies to your package
> - debian/patches/ is empty, remove it
> - debian/copyright: similarly to your LGPL license header/appendix
> text, you need to include that for the GPL as well since your debian
> packaging is covered under GPL and not LGPL (alternatively, license
> everything under the same license)
>
> And lintian has a fair bit to complain about:
>
> P: zeroinstall-injector source: debian-watch-may-check-gpg-signature
> W: 0install-core: hardening-no-relro usr/bin/0alias
> W: 0install-core: hardening-no-relro usr/bin/0desktop
> W: 0install-core: hardening-no-relro usr/bin/0install
> W: 0install-core: hardening-no-relro usr/bin/0launch
> W: 0install-core: hardening-no-relro usr/bin/0store
> W: 0install-core: hardening-no-relro usr/bin/0store-secure-add
> P: 0install-core: no-upstream-changelog
> I: 0install-core: package-contains-empty-directory usr/lib/0install.net/
> W: 0install-core: binary-without-manpage usr/bin/0alias
> I: 0install-core: desktop-entry-lacks-keywords-entry
> usr/share/applications/0install.desktop
> W: 0install: hardening-no-relro usr/lib/0install.net/gui_gtk.cmxs
> I: 0install: hardening-no-fortify-functions usr/lib/0install.net/gui_gtk.cmxs
> I: 0install: capitalization-error-in-description GTK GTK+
>
> (since you're upstream, you can easily fix some of these issues, e.g.
> by signing your release tarballs with gpg, including a manpage for
> /usr/bin/0alias)
>
> Regards,
> Vincent

Thanks! Note that some of these are false positives (it's up to the
ocaml compiler whether it includes hardening or relies on its own
static type and bounds checking). I'll get it to check the signature
though.


-- 
Dr Thomas Leonard        http://0install.net/
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1
GPG: DA98 25AE CAD0 8975 7CDA  BD8E 0713 3F96 CA74 D8BA
Reply to: