Re: reviewed scons

To: Helmut Grohne <helmut@subdivi.de>
Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>, debian-mentors@lists.debian.org
Subject: Re: reviewed scons
From: Jörg Frings-Fürst <debian@jff-webhosting.net>
Date: Sat, 08 Nov 2014 14:56:26 +0100
Message-id: <[🔎] 1415454986.6246.6.camel@jff-webhosting.net>
In-reply-to: <[🔎] 20141108075314.GA22611@alf.mars>
References: <[🔎] 20141108075314.GA22611@alf.mars>

Hallo Helmut,

danke für Dein review.


Am Samstag, den 08.11.2014, 08:53 +0100 schrieb Helmut Grohne:
> Hi Jörg,
> 
> I looked into the scons package at
> http://mentors.debian.net/debian/pool/main/s/scons/scons_2.3.4-1.dsc and
> copy this review to d-mentors for others to join in. Here are some
> comments in random order. Importance at end of mail.
> 
> 1. Earlier reviewers have observed that you are using compression-level
>    9 with xz. While xz is already the default, using compression-level 9
>    is actively harmful to machines with little ram. It also doesn't make
>    any sense with a 1MB package. See:
>    https://lists.debian.org/debian-devel/2014/09/msg00013.html

debian/source/options removed.

> 2. I am very uneasy about the following hunk to script/scons:
> 
> | +# - running from source takes priority (since 2.3.2), excluding SCONS_LIB_DIR settings
> | +script_path = os.path.abspath(os.path.dirname(__file__))
> | +source_path = os.path.join(script_path, '..', 'engine')
> | +libs.append(source_path)
> 
>    Importing random python modules from .. is a route to security
>    issues. Even if upstream is keen on keeping this hack to make scons
>    work better when used from source, the Debian package almost
>    certainly should revert it.

Upstream is notified.

> 
> 3. The fix for #760804+#761565 is needed in jessie. Can you prepare an
>    upload to unstable (in addition to your experimental upload) with
>    minimal changes beyond fixing RC bugs?
> 

It's ready. My sponsor get a mail about this.

> 4. d/changelog does not mention the change to the Vcs-Browser field.
> 

done.

> 5. Why does d/copyright list yourself as sole copyright holder for
>    debian/*? It seems that you are not the sole author.

Sorry. Missing authors added.

> 
> 6. I think that it is very unfortunate that you are restricting the
>    license of debian/* files to GPL-3+ when upstream uses Expat. That
>    will make it way harder to forward patches upstream. Please consider
>    using Expat for your contributions to the scons package as well.

No. But I have added the missing debian/patches/* with license Expat.

> 
> 7. Did you forward the manpage-spelling.patch upstream?
> 

At this moment not, but I do it.

> 1, 4, 7 are nice to have, but not essential to fix before uploading. On
> the other hand 2, 3 and 5 really need to be addressed and I hope that
> you change your mind about 6.
> 
> You may want to create RFS bugs against the sponsorship-requests package
> to make tracking the state of scons uploads easier.
> 

OK

> Thanks for your contributions
> 
> Helmut
> 
> 

Package is not uploaded to mentors. I'm waiting for Adrian, which
package he would like want first.


CU
Jörg

-- 
pgp Fingerprint: 7D13 3C60 0A10 DBE1 51F8  EBCB 422B 44B0 BE58 1B6E
pgp Key: BE581B6E
CAcert Key S/N: 0E:D4:56

Jörg Frings-Fürst
D-54526 Niederkail

Threema: SYR8SJXB

IRC: j_f-f@freenode.net
     j_f-f@oftc.net

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- reviewed scons
  - From: Helmut Grohne <helmut@subdivi.de>

Prev by Date: Bug#768487: RFS: fasm
Next by Date: Bug#768377: RFS: hastymail2/1.1-1 [ITP] -- need help with lintian errors
Previous by thread: reviewed scons
Next by thread: Bug#768487: RFS: fasm
Index(es):
- Date
- Thread