Hi, I just heard that someone filed an RFS for telegram-desktop. Good job! Wish that you could make this package into good shape and put it into Debian. > I can't understand how pristine-tar works. Should I manually download [...] You should use upstream tarball when applicable. If we use the tarball which is *identical* with the tarball released by upstream, we can have confidence that no source code is modified in the distribution version of this software. If upstream signs the tarball, we may also verify its integrity using gpg. (Debian supports such check via debian/watch file and public key inside debian/ dir. Well, that's not the case for telegram-desktop so never mind.) Downloading manually can be unnecessary. If you carefully write debian/watch file, the "uscan" tool can do it for you according to information in d/watch file. If you don't really want to hack into d/watch, then manual download should be needed. A big trouble is that upstream usually bundles lots of third-party sources into its release. You will need to write detailed d/copyright file for those files. Of course you may still use gbp-generated orig tarball. The decision is up to you. ------ Here are my incomplete reviews for current packaging (1.0.6). Note that I am not a DD nor DM, so I won't be able to sponsor your package. * I really don't recommend using "ronn" tool to generate man page. Even we have ronn in Debian, ronn is already dead upstream [1] and we shouldn't use a dead tool in build toolchain. Writing man pages manually won't take up too much time, or at least we can consider tools other than ronn (yes, there are other tools available). * Please consider explicitly enable (full) hardening flags in d/rules and test if the build can pass. * Is the hard Depends: to fcitx-frontend-qt5 necessary? Your instruction would make everyone who installs telegram-desktop to install fcitx, which is an Input Method Framework. I recommend you downgrade it to Suggests. * Build-depends fcitx-frontend-qt5 seems very wrong. Could you please explain why you add this one? [1] https://github.com/rtomayko/ronn/ After all, this is a big software and the package may need further polishment. Please keep going ahead. I am looking forward to seeing telegram-desktop inside Debian. -- Sincerely, Boyuan Yang
Attachment:
signature.asc
Description: This is a digitally signed message part.