Daniel Knabl <daniel@knabl.com> writes: > Am Sun, 22 Jan 2006 17:55:55 +0100 schrieb Daniel Knabl > <daniel@tirolinux.net>: >> as i use this piece of software already on my own host, i would like >> to provide it to any other users. > Now it seems that most of the work is finished. [0] No, the package is in a horrible state and should NOT enter the archive like this. Let's look: * Wrong version number, you'll be fucked when you want to release the real 2.2: dpkg --compare-versions "2.2rc-1" '<<' "2.2-1" || echo "crappy version number" * Doesn't build in my pbuilder chroot * Your Standards-Version is out-of-date. Not acceptable for a new package. * The description sucks. A LOT. Please revise it (see the developer's reference for hints about format and content). The second paragraph looks like it should be a list, but somehow I don't understand the content. * If vexim stores its configuration in a DB, it will probably don't work without an exim with DB support, right? So you should probably depend on the exim4-package providing this support... * debian/conffiles containing files in /etc and using dh_installdeb with DH_COMPAT >= 3 leads to files being listed twice in the conffiles file in the binary package * Please do not use german in the debconf template names. * 'After setup of vexim has finished the man Admin, also called "siteadmin" uses a standard password to log in.' - WTF? Fix the english. * Instead of setting an insecure default password and warning the admin about it, you could like ... ask for a secure password with debconf. * Please fix the typos in the templates file. * You use dh_installdirs, but not dh_install. Why? * You use dh_installdirs, but create one dir with install in debian/rules * You have a shitload of unneeded targets (configure, configure-stamp, build, cleanfiles), remove them. * You miss the obligatory binary-arch target. * debian/copyright is wrong. The license you mention is *not* GPL style. * You say the copyright holder is "Avleen Vig <postmaster@silverwraith.om>", but after that, you quote from the upstream LICENSE file: | Copyright 2003 Avleen Vig and Virtual Exim Development Team * Installing the INSTALL file in a binary package is ... not really needed. Because you like, have the package installed when you can read the INSTALL file... * The LICENSE file is not needed, you have the debian/copyright file. OK, now to the maintainer scripts ... They're *all* broken. You use debconf to ask questions about the FQDN ... and then don't use it. config script: * You do a db_get vexim/fqdn - which has no default value and is never used in a db_input statement. postinst: * You do a whole lot of stuff in your postinst/configure. Now, please remind yourself that configure is also called for upgrades. This leads to some interesting things ... like you resetting the password to a random one every time. * Using files in /tmp with a pre-defined name is not really secure. Use the magic mktemp script. * The backup of the exim4-config will be overwritten in every run, which is not really wise for a *backup* * In your templates file, you say that the password is "debian". Later, you use a random value. Weird! * postinst is sometimes called with other values (*not* only configure). Though these are perfectly OK, your postinst script will fail. prerm, preinst: * Empty file, remove it. There's also a heap of lintian and linda errors/warnings. OK, that's what I see for the moment. Many of these problems could have been avoided by usage of linda, lintian, pbuilder, piuparts and by actually reading and understanding the provided documentation. In it's current state, the package is simply unuseable and will not get accepted to the Debian archive. Marc -- BOFH #279: The static electricity routing is acting up...
Attachment:
pgpWi1n8AKFS8.pgp
Description: PGP signature