Control: severity -1 wishlist Control: block 791919 by -1 Control: tags -1 moreinfo Hi, On Wed, 2016-05-25 at 21:10 +0200, Muri Nicanor wrote: > Package: sponsorship-requests > Severity: normal > > Dear mentors, > > I am looking for a sponsor for my package "usbguard" This looks like quite an interesting package, so here's a review. You do not own the wnpp bug for this package. You need to retitle the bug from an RFP to ITP and set yourself as the owner. Do this before trying to fix anything else. Since libusbguard.so is in a public libs directory, you must put it in a separate package (probably called libusbguard0). You should then put all the development files in libusbguard-dev. I see you added a lintian override for this, but didn't say why you did it in the comment. Please run wrap-and-sort so wrap the Build-Depends field in the control file. You don't need the -2 changelog entry since your -1 version was never uploaded. You add a group "usbguard" in postinst but didn't remove it in postrm. You should probably do that during the purge step. The other things in postrm seem incorrect. Why do you need to remove the service file manually? "usbguard" must depend on adduser to use addgroup in your postinst. The *.install files should use a wildcard (*) instead of including the multiarch directory manually. At the moment the package will FTBFS everywhere except amd64. In rules, --with-bundled-spdlog=no doesn't seem to work. Enable parallel building (dh --parallel) if it works. You build-depend on dh-autoreconf, but don't actually run it. Use something like "dh --with=autoreconf,systemd". copyright: Upstream code is GPL-2+ (not GPL-2) The license identifier for the Boost License is "BSL-1.0" The license identifier for your "MIT-License" is "Expat" https://spdx.org/licenses/ Authors isn't a valid field name. You can use Comment or Upstream-Contact instead. The default config doesn't allow the root user to use usbguard. This doesn't offer ant additional security, but does add inconvenience. usbguard.service contains: WantedBy=base.target but base.target doesn't exist on my system. The usbguard-rules.conf manpage uses "usbguard-daemon.conf" in the NAME section (and other places) which is obviously a typo. Please submit the patch you added upstream when you get the chance. Finally, although you've fixed all the lintian warnings, please try and fix some of the info tags. I: usbguard source: duplicate-short-description usbguard usbguard-dev I: usbguard source: debian-watch-file-is-missing I: usbguard: hardening-no-pie usr/bin/usbguard I: usbguard: hardening-no-bindnow usr/bin/usbguard I: usbguard: spelling-error-in-binary usr/lib/x86_64-linux-gnu/libusbguard.so.0.0.0 Uknown Unknown I: usbguard: hardening-no-bindnow usr/lib/x86_64-linux-gnu/libusbguard.so.0.0.0 I: usbguard: hardening-no-pie usr/sbin/usbguard-daemon I: usbguard: hardening-no-bindnow usr/sbin/usbguard-daemon I: usbguard: spelling-error-in-manpage usr/share/man/man5/usbguard-rules.conf.5.gz formated formatted I: usbguard: no-symbols-control-file usr/lib/x86_64-linux-gnu/libusbguard.so.0.0.0 I: usbguard: systemd-service-file-missing-documentation-key lib/systemd/system/usbguard.service Hopefully I've covered everything! James
Attachment:
signature.asc
Description: This is a digitally signed message part