[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: mediatomb -- open source (GPL) UPnP MediaServer with a web interface

On Nov 26, 2007 3:36 PM, Andres Mejia <mcitadel@gmail.com> wrote:

> I am looking for a sponsor for my package "mediatomb".

A more thorough review of your package:

doc/mediatomb.1 is generated from docbook xml, but that source code
isn't available in the source package. This means the package cannot
enter Debian because it fails DFSG 2. Please remove, rewrite or add
the docbook source.

Some of the .js files are not GPL licenced, please fill out the
copyright file properly. Other files are copyrighted by entities not
mentioned in debian/copyright: src/md5/* (different copyright holder &
licence), src/uuid (different copyright holder), src/inotify-nosys.h
(different copyright holder, no licence, therefore we cannot
distribute it - presumably there is a properly licenced copy somewhere
since it looks like it came from linux), tombupnp/*** (different
copyright holders & licences), tombupnp/upnp/src/uuid/upnp_md5.c &
upnp_md5.h (looks non-free - no permission to distribute, suggest
replacing with a public domain md5 implementation).

src/uuid looks like a copy of libuuid, if your package gets uploaded,
please notify the security team that your package contains an embedded
copy of libuuid. Please also suggest to upstream that they remove it
from the source and instead depend on an external libuuid from
http://sourceforge.net/projects/e2fsprogs for example.

Same for tombupnp, that looks like a modified copy of libupnp, try to
get that merged into upstream libupnp: http://pupnp.sourceforge.net/

You also embed external JS libraries (each one js file), I'm not sure
what debian policy about that is, although we now have fckeditor in
the archive, so maybe package them up so other packages can depend on
them? Might want to bring this up on the debian-webapps list.

You may want to rewrite the copyright file to be machine parseable:

http://wiki.debian.org/Proposals/CopyrightFormat

"open source (GPL)" in the description is redundant for packages in Debian main

The Vcs-* links point to a location that has only etch and sarge,
where do you store packaging for sid?

Do you have access to upstream SVN? If so, I suggest moving the
.desktop file there so other distros may benefit from it too.
Obviously you'd also need to add a ./configure flag so that
distributions can choose which web browser to launch. Possibly the
same for debian/config.xml.inst, but I'm not too sure about that.

No need to install both the README files, I suggest just installing
README. Same for the two scripting.txt files (install the ASCII one).

Relevant linda warnings:

W: mediatomb-common; Long descriptions contains short description.
 The long description of this package contains the short description.
 This is a bad idea, as the long description should be long, and not
 just reiterate the short description.
W: mediatomb; Long descriptions contains short description.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
Reply to: