On Fri, Nov 24, 2017 at 08:14:51AM +0100, Vincent Bernat wrote: > > In d/changelog: you forgot to include the ITP bug number. Thanks for the catch; it seems I had included the ITP number in git (present on my laptop and alioth) but forgot to rebuild before dput... > In d/copyright: you need to include the complete CC0 license. OK; I did so based on what other packages were doing, according to codesearch.d.n [0]. If that's an acceptable solution, I will - include the whole CC0 license in debian/copyright (this is already uploaded to mentors.d.n); - open a bug against base-files to ship the CC0 in /usr/share/common-licences - open bugs against concerned packages, to refer to the licence's text as installed by base-files; (what should the severity be? I guess serious, since it is a violation of Debian policy 12.5 [1]) [0]: https://codesearch.debian.net/search?q=path%3Adebian%2Fcopyright+CC0 [1]: https://www.debian.org/doc/debian-policy/#copyright-information > You override the debian-watch-may-check-gpg-signature, but you also need > to override orig-tarball-missing-upstream-signature. Since the tooling > to check signatures the way you need it is not here, an alternative > would be to not ship upstream GPG signature. That's something lintian picks up in the changes file, and there is currently no way to override those, if I'm not mistaken: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575400 > Also, I don't care about the use of short commands like fq, nq, tq (they > are currently free), but that's something others may feel is > inappropriate. You could keep them as is and see if the upload is > accepted by FTP masters. Yeah, I thought it would be more confusing than anything to rename the binaries (and I checked that the names were free using `command-not-found`). Thanks a bunch for the review, nicoo
Attachment:
signature.asc
Description: PGP signature