In summary - users are requested to upgrade. Moving forward, the maintainer intends to branch the project at the next major release and will backport stuff where necessary (e.g. critical issues). This will be very useful for Debian to identify issues to include in updates.
> I would suggest using diffoscope to compare the broken build with the
> working one, you might discover the reason for this brokenness.
This did not reveal any specific build issues.
> The package fails to build because gtk+3.0 3.20.5-1 is not yet built in Debian:
I presume this is a transition issue for Sid as it moves to GTK+3.20
> There are many hardcoded library dependencies, they shouldn't be
> needed as ${shlibs:Depends} will take care of them, unless these
> libraries are loaded using dlopen instead of linking. If they are
> loaded with dlopen, a ${dlopen:Depends} substvar and a script to
> generate it would be better than hardcoding them.
The dependencies are been cleaned up. No libraries are included. The minimal necessary dependencies have been left - these are required for the desktop system to start successfully
> debian/copyright is missing some copyright holders.
This has been substantially revised
> I think the ftp-masters will want debian/copyright to be more specific
> about which files are LGPL and which are GPL.
> I note that the upstream tarball contains generated files (*.c *.vapi
> *.css *.png *.html). I personally think these need to be removed from
> the upstream tarball and VCS if present in either of those and always
> created at build time. If upstream doesn't want to do that an
> acceptable workaround would be to remove these files in `debian/rules
> clean` and in `debian/rules build` before autoreconf/configure are
> run. Alternatively you could use the gitub-generated tarballs which
> only contain what is in git. Looks like you will need to package some
> more build-deps here though, like gulp-sass.
> The imports/natray/ and gvc/ directories appear to be embedded code
> copies from one of GNOME/cinnamon/MATE/cairo-dock-plug-ins/something.
> They should be removed from all of these including budgie and packaged
> separately. Until that happens the security team need to be notified
> about the embedded code copy, which they track.
> $ apt-file search -iIdsc na-tray
> https://wiki.debian.org/EmbeddedCodeCopies > Please add DEP-3 headers to the patches, particularly the
> Origin/Forwarded headers should point at URLs.
> The first line of nm-applet.diff looks a bit strange.
This has been done.
> The debian-watch-file-is-missing lintian tag should not be overridden
> since upstream has a git repo with tags and tarballs that can be used
> with uscan and debian/watch.
override has been removed
> Please file bugs on lintian about the
> dep5-copyright-license-name-not-unique and postinst-must-call-ldconfig
> false positives.
This has been removed since the package has been reworked.
> The binary-without-manpage lintian tag should not be overridden since
> it is true. Just ignore it until a manual page exists.
Override has been removed
> It would be great if upstream could sign their commits, tags and
> releases with OpenPGP:
Upstream are already signing their commits. Tags/releases are not going to be signed.
> Why do you disable the ibus systray icon?
I've removed this gsettings override
> I'm not sure the gnome-settings overrides are appropriate.
This has been tidied - only one vital override exists - this is needed to display the GNOME appmenu correctly in the window decoration.
> I wonder if the gsettings overrides should be renamed to
> budgie-desktop.gsettings-override so it is only installed for one
> package?
This has been renamed
> Usually in debian/control the version numbers in dependency relations
> have a space before them:
Space has been added.
>I like to wrap-and-sort the debian/ directory using this command:
> wrap-and-sort --short-indent --wrap-always --sort-binary-packages
> --trailing-comma
Done.
> I'm not sure that Section: gnome is appropriate, could you explain
> your reasoning here?
I've moved to misc since I didnt see any other obvious Sid section available. Please advise if there is a better more appropriate section for GNOME/GTK+3 based desktop systems such as budgie-desktop
> The Vcs-Browser field is reserved for the Debian packaging VCS, not
> upstream. See below for a solution for upstream.
Removed
Home-page updated.
> I note there are several stamp files that probably aren't meant to be
> in the upstream tarball:
> There are some files in the upstream VCS that are missing from the
> upstream tarball, I wonder if that is intentional.
Apparently yes - according to the maintainer as linked above.
> A typo in theme/README.md: obejct
This is not installed - source only issue.
Added upstream metadata
>$ sudo apt-get install -t experimental check-all-the-things
> $ check-all-the-things
On the whole these findings were based on C issues - however this is due as far as I can gather due to the Vala compiler - so not something upstream can deal with.
> # Not sure why but autodep8 doesn't like your debian/control:
> $ autodep8
> grep-dctrl: debian/control:48: expected a colon.
This seems to be fixed now.
> # These should be created at build time instead
> $ find -type f \( -iname '*.png' -o -iname '*.gif' -o -iname '*.jpg'
> -o -iname '*.jpeg' \) -exec grep -iF inkscape {} +
> <lots>
Maintainer has indicated otherwise - see link above
> $ codespell --quiet-level=3
> <lots>
Vala to C compiler issues - not an upstream matter.