On Thu Feb 12 2015 at 9:53:12 AM Andreas Tille <
andreas@an3as.eu> wrote:
On Thu, Feb 12, 2015 at 12:16:57AM +0000, Michael Crusoe wrote:
> - [ ] hardening-no-relro usr/lib/trinityrnaseq/Chrysalis/*
> Needs investigation
While fixing this is nice to have I would not insist on it for sponsoring
the package.
Good to know!
> - [ ] jar-not-in-usr-share usr/lib/trinityrnaseq/Butterfly/Butterfly.jar,
> usr/lib/trinityrnaseq/util/support_scripts/ExitTester.jar
> May be fixable with a move + symlink. Need to make sure that they are pure
> Java
I'm not a Java expert but IMHO all JARs are machine independent and thus
should reside in /usr/share. All Java packages with machine dependant
code I have seen (not too much admittedly) had extra *.so files in
/usr/lib. If you are unsure asking on debian-java@lists.debian.org is
the best way to clarify.
Upon review they are pure Java
> - [ ] binary-without-manpage usr/bin/Trinity
Same as above. It would be nice to have (even nicer than hardening)
there are cases where it is hard to write a sensible manpage.
I've produced one with help2man.
> - [ ] script-not-executable: several
Usually this is either easy to fix or contains a hidden problem that
should be fixed.
Fixed
> - [ ] debian/copyright needs audit
* lacking "Files: debian/*" paragraph
Fixed.
* `licensecheck -r *` did not uncover anything suspicious to me
* trinity-plugins/GAL_0.2.1: This third party code should be
specified separately with the license that can be found in the
downloadable archive at
http://www.sequenceontology.org/software/GAL_Code/
However, I'd prefer packaging GAL separately (in the latest
version)
Sure, for another day :-)
* trinity-plugins/Trimmomatic-0.32: Binary without source!
Trimmomatic is packaged in this version anyway - so this should
be simply dropped via Files-Excluded
Done
* trinity-plugins/collectl: Packaged for Debian. Once you are
removing files via Files-Excluded the most easy thing would be
to delete this as well which saves you the work of mentioning
it in d/copyright
Only used via a hidden option. Excluded and added as a 'suggests'
* trinity-plugins/fstrozzi-Fastool-7c3e034f05: While mentioned
properly in d/copyright I'd at least refer to the download
location
https://github.com/fstrozzi/Fastool
in a Comment: field. I'd regard it as the better solution to
create a separate package since it might be considered useful
for people not only using it via trinityrnaseq
I've added the comment. As for packaging it separately I'll leave this to some other motivated individual to do so. There are a lot of bioinformatics libraries that are functionally single use.
* trinity-plugins/parafly/src/ParaFly.cpp:
Authors of this wrapper are MB Couger (mbcouger(AT Symbol)gmail.com, Matt Stowe mstowe(AT Symbol)okstate.edu
This should at least deserve an extra d/copyright line and you
should also dig for the original download location. I can
not evaluate the sense of a separate package.
Nothing coming up. Probably Broad Foundation employees / interns. I think they are covered by the existing entry.
* trinity-plugins/slclust: Same as for Fasttool - I'd really
love to see a separate package from
http://sourceforge.net/projects/slclust/
See above :-)
* trinity-plugins/TransDecoder_r20140704.tar.gz:
Same as for Fasttool / slclust:
https://transdecoder.github.io/
Gah, this contains two programs already packaged (cd-hit & ffindex (two versions!)) and another copy of Parafly. Looks like this will require a separate package just to keep the source clean. Trinity can use the Parafly from this (yet to be created) package.
* trinity-plugins/jellyfish-2.1.4.tar.gz: --> Files-Excluded
since we have a separate package
* trinity-plugins/rsem-1.2.19.tar.gz: --> Files-Excluded since
you ITP it as you wrote below
Done.
Please feel free to ask for help here if you agree that Fastool, slclust
and transdecoder should be packaged separately. I could even try to
work in a MoM project with some potential student on these.
> trinityrnaseq has two unfulfilled dependencies: rsem & express
>
> rsem
> - [ ] lacks manpages
> - [ ] lacks ITP
>
> express:
> - [ ] lacks ITP
Thanks for sending this kind of status messages. That's really helpful
and enables team input.
Go team!