Re: RFS: jarifa

To: Paul Wise <pabs@debian.org>
Cc: debian-mentors@lists.debian.org
Subject: Re: RFS: jarifa
From: Daniel Lombraña González <teleyinex@gmail.com>
Date: Tue, 14 Dec 2010 11:01:28 +0100
Message-id: <[🔎] AANLkTinF0SsjJpJAXLV5oADEW0Km0puEZA74gBHqjxo4@mail.gmail.com>
In-reply-to: <[🔎] AANLkTinTdrM5eDEz5G1+hAeh_7kC-D-xoA8F=XZvhwPX@mail.gmail.com>
References: <[🔎] AANLkTim-9eaNJsni7uU5vPiDzSPa+MhjbupptEhDmO2d@mail.gmail.com> <[🔎] AANLkTinTdrM5eDEz5G1+hAeh_7kC-D-xoA8F=XZvhwPX@mail.gmail.com>

Thanks for the comments. I will try to address all your points, and fix them!!!

On Sun, Dec 12, 2010 at 17:58, Paul Wise <pabs@debian.org> wrote:
> 2010/12/9 Daniel Lombraña González <teleyinex@gmail.com>:
>
>> I am looking for a sponsor for my package "jarifa".
>
> A review of the source package:
>
> Your upstream version should be 1.0~rc8 since that sorts before 1.0
> and rc usually means release candidate.
>
> debian/patches/debian-changes-1.0-rc8-1 looks like it can be removed
> or applied upstream.
>
> Please add a debian/watch file (see uscan manual page for details).
>
> You might want to wrap the Depends line in debian/control since it is
> very long. I like to split the line after every comma.
>
> Can jarifa not connect to a MySQL server over the network? If so you
> might want to demote mysql-server to recommends.
>
> README.source looks like it belongs in the upstream README since it is
> not Debian specific.
>
> You add a symlink to ttf-dejavu fonts but do not depend on it. At the
> very least I would say you need a Recommend.
>
> Please switch jarifa to a randomly generated password instead of a
> static easily guessable one when the user does not set a password.
>
> www-data is defined in base-passwd so I think you can set permissions
> on /usr/share/jarifa/img/stats at build time instead of in
> postinstall.
>
> Why does your prerm remove files from /usr? I think maybe your
> software should use /var/lib/jarifa instead for runtime-created data.
>
> I would replace your debian/rules file with
> /usr/share/doc/debhelper/examples/rules.tiny and add "conf/jarifa.sql
> usr/share/dbconfig-common/data/jarifa/install/mysql" to
> debian/jarifa.install.
>
> libchart-1.2 is an embedded code copy (with its own embedded font
> copy), please remove it from the tarball and package it separately.
> db_conn.inc is similar, but I'm wondering why I don't see that in the
> boinc package in Debian.
>
> These files look like they were created in Inkscape/GIMP but I don't
> see any SVG/XCF source for them: computer.png cpus.png credit.png
> supplier.png volunteer.png.
>
> I wonder what the license/source for vcss.png is, since it looks like
> an image from the W3C. Same for agplv3.png since it is an FSF image.
>
> Why is there a lang/es_ES.utf8/LC_MESSAGES/messages.mo but no
> lang/es_ES.utf8/LC_MESSAGES/messages.po?
>
> Have you had the PHP code audited for vulnerabilities or run any
> automated exploit finding tools against jarifa? Examples of such tools
> available in Debian include w3af wapiti sqlmap rats. owasp.org is a
> good place to go to learn about web application security.
>
> Your jarifa.apache.conf forces jarifa to be available at /jarifa on
> all apache vhosts. As a sysadmin I would expect to be either asked
> what vhost, URL path to configure jarifa at or expect me to configure
> it manually based on an example config.
>
> lintian complaints:
>
> I: jarifa source: no-complete-debconf-translation
> I: jarifa source: debian-watch-file-is-missing
>
> --
> bye,
> pabs
>
> http://wiki.debian.org/PaulWise
>
>
> --
> To UNSUBSCRIBE, email to debian-mentors-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/AANLkTinTdrM5eDEz5G1+hAeh_7kC-D-xoA8FXZvhwPX@mail.gmail.com
>
>



-- 
··························································································································································
http://jarifa.unex.es/
http://www.flickr.com/photos/teleyinex
··························································································································································
Por favor, NO utilice formatos de archivo propietarios para el
intercambio de documentos, como DOC y XLS, sino HTML, RTF, TXT, CSV
o cualquier otro que no obligue a utilizar un programa de un
fabricante concreto para tratar la información contenida en él.
··························································································································································

Reply to:

References:
- RFS: jarifa
  - From: Daniel Lombraña González <teleyinex@gmail.com>
- Re: RFS: jarifa
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: RFS: sslh (updated package)
Next by Date: Re: A question about svn-buildpackage
Previous by thread: Re: RFS: jarifa
Next by thread: Re: RFS: sima (autoqueue MPD client, find similar artists to queue)
Index(es):
- Date
- Thread