Hi On 06/06/2016 03:53, Carlos Donizete Froes wrote: > Hello Gianfranco, > > I made the changes recommended me. Please could again analyze my > package? > > https://mentors.debian.net/package/runescape > > Thank you! > Hi some more issues: 1) you put dependencies under build-dependencies, but they seem to be more runtime dependencies 2) you fixed the gpg key issue, but now you have to *revoke* it and generate a new one. the key is compromised, I have it, and everybody that dgetted the package has it, and it is available on build machines such as DebOMatic and probably somewhere else too. So, you should probably revoke it, and generate a new one (you have it protected with passphrase, so if you think your passphrase is strong enough you can avoid this step, I didn't try to brute-force it) 3) not sure why have a .c file that runs a script... 4) # Necessary that the generated binary is in the directory where is the "script.sh" runescape: arch-dependent-file-in-usr-share usr/share/games/runescape/runescape this isn't necessary, please remove and fix lintian, don't override it, specially because lintian seems right here. 5) CFLAGS = -g -Wall -O2 -fstack-protector-strong -Wformat -Werror=format-security CPPFLAGS = -D_FORTIFY_SOURCE=2 LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now OBJECTS = runescape.o no, please never override flags. you can use ?= that means define if not already defined, but never override external flags. 6)Please add some upstream metadata: https://wiki.debian.org/UpstreamMetadata Gianfranco
Attachment:
signature.asc
Description: OpenPGP digital signature