reviewed scons
Hi Jörg,
I looked into the scons package at
http://mentors.debian.net/debian/pool/main/s/scons/scons_2.3.4-1.dsc and
copy this review to d-mentors for others to join in. Here are some
comments in random order. Importance at end of mail.
1. Earlier reviewers have observed that you are using compression-level
9 with xz. While xz is already the default, using compression-level 9
is actively harmful to machines with little ram. It also doesn't make
any sense with a 1MB package. See:
https://lists.debian.org/debian-devel/2014/09/msg00013.html
2. I am very uneasy about the following hunk to script/scons:
| +# - running from source takes priority (since 2.3.2), excluding SCONS_LIB_DIR settings
| +script_path = os.path.abspath(os.path.dirname(__file__))
| +source_path = os.path.join(script_path, '..', 'engine')
| +libs.append(source_path)
Importing random python modules from .. is a route to security
issues. Even if upstream is keen on keeping this hack to make scons
work better when used from source, the Debian package almost
certainly should revert it.
3. The fix for #760804+#761565 is needed in jessie. Can you prepare an
upload to unstable (in addition to your experimental upload) with
minimal changes beyond fixing RC bugs?
4. d/changelog does not mention the change to the Vcs-Browser field.
5. Why does d/copyright list yourself as sole copyright holder for
debian/*? It seems that you are not the sole author.
6. I think that it is very unfortunate that you are restricting the
license of debian/* files to GPL-3+ when upstream uses Expat. That
will make it way harder to forward patches upstream. Please consider
using Expat for your contributions to the scons package as well.
7. Did you forward the manpage-spelling.patch upstream?
1, 4, 7 are nice to have, but not essential to fix before uploading. On
the other hand 2, 3 and 5 really need to be addressed and I hope that
you change your mind about 6.
You may want to create RFS bugs against the sponsorship-requests package
to make tracking the state of scons uploads easier.
Thanks for your contributions
Helmut
Reply to: