[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RFS: liboauth (Updated package, License issue solved)

Dear mentors,

I am looking for a sponsor for my package "liboauth".
The upstream dev has solved the licensing issue with OpenSSL.
Now, the GPL licensed files are not linked.
Also, this version is a new upstream version (0.7.1) while the last one was 0.6.3.

* Package name    : liboauth
  Version         : 0.7.1-1
  Upstream Author : Robin Gareus <robin@gareus.org>
* URL             : http://liboauth.sourceforge.net/
* License         : MIT
  Section         : libs

It builds these binary packages:
liboauth-dev - C library for implementing OAuth 1.0 specification (development files)
liboauth0  - C library for implementing OAuth 1.0 specification

The package appears to be lintian clean.

The upload would fix these bugs: 581601

The package can be found on mentors.debian.net:
- URL: http://mentors.debian.net/debian/pool/main/l/liboauth
- Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free
- dget http://mentors.debian.net/debian/pool/main/l/liboauth/liboauth_0.7.1-1.dsc

I would be glad if someone uploaded this package for me.

Kind regards
 Bilal Akhtar

On Thu, 2010-05-20 at 20:34 +0800, Paul Wise wrote:
> On Thu, May 20, 2010 at 1:52 PM, Bilal Akhtar <bilalakhtar96@yahoo.com> wrote:
> > in Debian was the reasons why many app developers copied the source code into their programs.
> Way to get my attention! If any of these apps are already in Debian,
> please notify the security team about the embedded code copies. Since
> you got my attention, here is a review (I don't have time to commit
> ongoing sponsorship, sorry):
> Please send the patches upstream if you haven't already.
> You can replace aclocal/autoheader/autoconf/automake with autoreconf.
> Probably you want dh-autoreconf instead of doing it manually. What is
> the reason for running autotools anyway?
> The paths in debian/patches/acandam.diff are specific to your personal
> machine, that is probably a bad idea.
> debian/patches/changeencodinglocale.diff is not present in
> debian/patches/series so it will not get applied, is that what you
> wanted to do?
> Insert my standard comment about library package descriptions, think
> about the audience for each one. -dev package will be manually
> installed by people developing apps using liboauth and also as part of
> build-depends. liboauth0 should only be installed automatically so it
> doesn't need a verbose description.
> You forgot to build-depend on autoconf/libtool.
> debian/docs should probably be named debian/liboauth-dev.examples
> No need to be so specific with the manual page path, usr/share/man/
> should do it.
> xmalloc is GPL not LGPL so I'm wondering why upstream and
> debian/copyright refer to the LGPL.
> xmalloc reduces the amount of software that can link with liboauth
> (due to GPL licensing incompatibilities), it would be nice if upstream
> could use plain malloc. You may want to send upstream a patch.
> Uhh, actually since you are linking xmalloc and OpenSSL (GPL & OpenSSL
> licenses are not compatible), the liboath0 binary package is not
> distributable!
> It is best to license debian/ under the same license as upstream so
> that they can make use of your patches etc.
> Should you be depending on locales/locales-all too?
> Do you need to install the static library and .la file? Debian seems
> to be moving towards not installing either of these.
> autotools warnings (send upstream):
> libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac and
> libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
> libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
> gcc warnings (send upstream):
> oauthbodyhash.c: In function 'main':
> oauthbodyhash.c:65: warning: unused variable 'bh'
> lintian complaints (send most upstream):
> I: liboauth0: no-symbols-control-file usr/lib/liboauth.so.0.5.2
> X: liboauth0: shlib-calls-exit usr/lib/liboauth.so.0.5.2
> I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:374
> I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:376
> I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:403
> I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:405
> I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:863
> I: liboauth-dev: spelling-error-in-manpage
> usr/share/man/man3/oauth.3.gz paramater parameter
> I: liboauth-dev: spelling-error-in-manpage
> usr/share/man/man3/oauth.3.gz recieve receive
> I: liboauth0: spelling-error-in-binary ./usr/lib/liboauth.so.0.5.2
> environement environment
> uscan warning:
> pabs@chianamo:~/tmp/liboauth-0.6.3$ uscan
> Use of uninitialized value $2 in split at /usr/bin/uscan line 1503,
> <WATCH> line 2.
> Seems that can be fixed by adding a slash to the URL.
> -- 
> bye,
> pabs
> http://wiki.debian.org/PaulWise

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: