Re: RFS: RHash - Utility for computing hash sums and magnet links
Hi Arno,
thanks for the review!
I've done several changes, you proposed, partially added the
README.Debian with explanation on the SONAME change.
Some notes:
> * Please push debhelper compatibility to version 8 (debian/compat,
> debian/control), see debhelper(7).
Ok, switched to 8th version for auto-running dpkg-gensymbols, but some
DDs (on #d-mentor) prefer to package with 7th debhelper to simplify
backporting.
> * I'm not sure what I should think about debian/Makefile-rhash-1.2.6rc1.
> Why didn't you merge those changes with your upstream Makefile, since
> you are upstream yourself? If you really want to keep it out of your
> upstream source, please use a quilt patch [3] instead.
The Makefile-rhash-1.2.6rc1 is already upstream. The RHash v1.2.6 is
actively developed and can't be released half-done.
This Makefile is needed, cause it has better support for SONAME and
library installation/testing. It helped to write better rules file.
You sound reasonable about making quilt patch, but putting auxiliary
file into debian is much simpler, than hunting lintian warnings on
absent source/option file. That way I can concentrate on development
instead of packaging issues.
> * Your upstream sources are missing copyright headers. Please consider
> adding them.
There is already Copyleft license file! Why do I need to add Copyrights? :)
> Your debian/copyright provides conflicting license headers. I'm aware
> yor package is dual-licensed, see DEP-5 on how to specify such use
> cases
If it is not reported by lintian, then it doesn't look like official
requirement. :)
I've fixed the mentioned file anyway.
P.S. still looking for a Sponsor
09.06.2011 6:19, Arno Töll wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Alexey,
On 08.06.2011 11:55, rhash.admin wrote:
Hello! I need a sponsor for the rhash package!
http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=rhash
a few notes about your package you may want to consider (I'm no DD, so I
can't sponsor you though):
* debian/changelog: Please don't explain in the changelog what your
package is for. We have a short and a long description for that. See [1]
for some hints. You should neither mention the SONAME change there
unless you changed it for the Debian package exclusively. If the latter
you might want to elaborate the reason in a README.Debian file.
* Please push debhelper compatibility to version 8 (debian/compat,
debian/control), see debhelper(7).
* debian/control: It is considered a best practice to have VCS links in
debian/control which point to the repository where you develop the
Debian package. See [2].
* Do you really need the minor version in the SONAME (and hence
correctly reflected in the package name)? It is not wrong to do so, but
since your package is new and your both, major and minor version are 0
you could probably just use the major version instead of an odd name
like librhash0.0.
* You replicate the package priority for your binary packages when
compared to the source package in debian/control. No need for that
unless you change priorities for binary packages.
* I'm not sure what I should think about debian/Makefile-rhash-1.2.6rc1.
Why didn't you merge those changes with your upstream Makefile, since
you are upstream yourself? If you really want to keep it out of your
upstream source, please use a quilt patch [3] instead.
* Your upstream sources are missing copyright headers. Please consider
adding them.
* You could earn some bonus points for shipping a symbol file, see
dpkg-gensymbols(1)
* Your package synopsis should not start with an upper case letter, see
[4]. Long description is fine, but I'm not entirely happy with the
synopsis lines for each package. Tastes may vary.
* Your debian/copyright provides conflicting license headers. I'm aware
yor package is dual-licensed, see DEP-5 on how to specify such use
cases, "Syntax" in [5]. Also consider the MIT hint mentioned in DEP-5.
Moreover don't use hash marks like programming style comments, use the
"Comment" header instead.
* You ship some cryptographic algorithms, I hope you checked all legal
issues with that?
[1]
http://www.debian.org/doc/manuals/developers-reference/best-pkging-practices.html#bpp-debian-changelog
[2]
http://www.debian.org/doc/manuals/developers-reference/best-pkging-practices.html#bpp-vcs
[3] http://wiki.debian.org/UsingQuilt, among others
[4]
http://www.debian.org/doc/manuals/developers-reference/best-pkging-practices.html#bpp-desc-basics
[5] http://dep.debian.net/deps/dep5/
- --
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJN8ANxAAoJEMcrUe6dgPNtDugP/2Ytoi0rmN529vJaMSFT6LrR
4aFIK2OD1VTUmHg9vdlWkUnqdq9DdSxJte6b4pl1gyjGMHrg6kK7fk758QQexNBd
xLmHiC2+cPCnC/Hhh4BJovViZzYm37p8E3uarzWhp81hzyrK8OrvhPppkb4M50wn
n0+hVrSYRvVmEn3lI/YR7meQXaysK4HFNfogICCPJvUadJKJJqTmdPG/zzf1h1dq
n2AqNrgnpZlZeSsPQEFvquSV94vpqyU+XdEZNTxdO6GHzQq6wD5lrG/Y8PiSBv5z
LxvcAwmO6Owd5QXO4JFtGn1kneMgVDn9kK9PeESO79niAY2AbjGWRp4P0UccIgI+
yZ7woE7f9x4BcdVcZtk3lmtfdCZZspuPUwKeBDIpMRXQgjAqT7+4lUDW7g9DMmwa
LnST9L+0XzG2s9EANNfVyL5wJKHXe5eioq0U2TQ8ShCZCtfhn6smYcrR04wRKHnH
wJb1LYsPH3ygJGmEtEbBga0H+9+aY3zr7ZoM3hjI1veqna+N8SQ5YXrr34sYPNyz
Ji1r4KQ5Mjewq85fvM/VLAlXKebdZ34FAqPrazCQHVuZzMRtVPqgFpcVi336S3n3
KDIl5IpcrBabmf05APOmhkIzqXjReyihFNqUWQjXm+gFUJjhyM6kTZhm+Wx4eFyS
Yx3EkSvBItEw6A/QXicB
=xfL6
-----END PGP SIGNATURE-----
Reply to: