Re: RFS: liboauth (Updated package)
On Thu, May 20, 2010 at 1:52 PM, Bilal Akhtar <bilalakhtar96@yahoo.com> wrote:
> in Debian was the reasons why many app developers copied the source code into their programs.
Way to get my attention! If any of these apps are already in Debian,
please notify the security team about the embedded code copies. Since
you got my attention, here is a review (I don't have time to commit
ongoing sponsorship, sorry):
Please send the patches upstream if you haven't already.
You can replace aclocal/autoheader/autoconf/automake with autoreconf.
Probably you want dh-autoreconf instead of doing it manually. What is
the reason for running autotools anyway?
The paths in debian/patches/acandam.diff are specific to your personal
machine, that is probably a bad idea.
debian/patches/changeencodinglocale.diff is not present in
debian/patches/series so it will not get applied, is that what you
wanted to do?
Insert my standard comment about library package descriptions, think
about the audience for each one. -dev package will be manually
installed by people developing apps using liboauth and also as part of
build-depends. liboauth0 should only be installed automatically so it
doesn't need a verbose description.
You forgot to build-depend on autoconf/libtool.
debian/docs should probably be named debian/liboauth-dev.examples
No need to be so specific with the manual page path, usr/share/man/
should do it.
xmalloc is GPL not LGPL so I'm wondering why upstream and
debian/copyright refer to the LGPL.
xmalloc reduces the amount of software that can link with liboauth
(due to GPL licensing incompatibilities), it would be nice if upstream
could use plain malloc. You may want to send upstream a patch.
Uhh, actually since you are linking xmalloc and OpenSSL (GPL & OpenSSL
licenses are not compatible), the liboath0 binary package is not
distributable!
It is best to license debian/ under the same license as upstream so
that they can make use of your patches etc.
Should you be depending on locales/locales-all too?
Do you need to install the static library and .la file? Debian seems
to be moving towards not installing either of these.
autotools warnings (send upstream):
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
gcc warnings (send upstream):
oauthbodyhash.c: In function 'main':
oauthbodyhash.c:65: warning: unused variable 'bh'
lintian complaints (send most upstream):
I: liboauth0: no-symbols-control-file usr/lib/liboauth.so.0.5.2
X: liboauth0: shlib-calls-exit usr/lib/liboauth.so.0.5.2
I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:374
I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:376
I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:403
I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:405
I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:863
I: liboauth-dev: spelling-error-in-manpage
usr/share/man/man3/oauth.3.gz paramater parameter
I: liboauth-dev: spelling-error-in-manpage
usr/share/man/man3/oauth.3.gz recieve receive
I: liboauth0: spelling-error-in-binary ./usr/lib/liboauth.so.0.5.2
environement environment
uscan warning:
pabs@chianamo:~/tmp/liboauth-0.6.3$ uscan
Use of uninitialized value $2 in split at /usr/bin/uscan line 1503,
<WATCH> line 2.
Seems that can be fixed by adding a slash to the URL.
--
bye,
pabs
http://wiki.debian.org/PaulWise
Reply to: