On Wed, 2007-12-26 at 17:47 +0200, liran tal wrote:
>
> I appreciate your feedback though for the lack of better words I can
> summarize your reply as being a nicer way for saying "RTFM".

No, more a case of "if you are unsure how the guidelines apply to this package, reconsider whether you are the best person to package it at this stage and find something which will enable you to learn how things work for simpler packages".

i.e. the problem lies within the package itself because it is an intrinsically difficult package to build properly and you would be best advised finding something else when you are only just starting out as maintainer.

PHP is a nightmare for security problems and packaging problems. What I say to you is what I would say to anyone reading the NM guide for the first time - *don't start with PHP*! (Don't start with a compiled library either, they are complex in entirely different ways.)

The NM guide does mention that libraries are not a wise choice for your first package but as it happened, I didn't get the chance of my own advice because when I started NM, I was already upstream for a library in Debian that needed an update. ;-) So learn from my mistakes and don't do things the hard way.

> I do not wish to dwell into accusations and blames for documentations
> and such, if this is what you concluded from my previous email then
> you have spelled my intentions wrong.

I did not conclude that.

> Maybe it was my mistake to submit the new package (0.9.5) and also go
> all over again about creating a package while I already started
> working on it in previous versions (0.9.3 and 0.9.4) - so for that I
> am sorry, it seemed to have fired up an un-called for argument about
> the package building.

I'd take that as a hint that you ought to consider learning how things work using a different package as your starting point.

I'm not going to advise you on daloradius for a couple of reasons:

1. I don't generally sponsor PHP anyway (I will but only if the maintainer convinces me that s/he has a firm grasp of the issues involved, which you have not done.)
2. I don't think daloradius is the right package for you to maintain right now and therefore cannot be the right package for me to sponsor.

Come back to it once you have learnt a lot more about Debian by packaging at least one different package that is not written in PHP.

As far as PHP goes, convenience (of programming) is very definitely the enemy of security. (Yes, I do write PHP, I do know at least some of the problems inherent in that language. No, I would not dare inflict my PHP on Debian as a package, I stick to the few web servers to which I have root access so that I can step in and rescue it when things go wrong.)

Leave daloradius behind - forget it completely. Move on to a different, preferably compiled, package and restart with the NM guide. Don't even revisit daloradius packaging until you have had at least one non-PHP package successfully sponsored and bug free in Debian testing.

--
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/