Bug#881946: RFS: keychain/2.8.4+dfsg-1 [ITA]



Control: tags -1 moreinfo

Paulo Ricardo Paz Vital:
> Package: sponsorship-requests
> Severity: normal
> 
> Dear mentors,
> 
> [...]

Hi,

I have done an initial review of the changes and I have a few remarks.
Please CC me directly on any follow-ups to this bug.

> 
> Changes since the last upload:
> 
> keychain (2.8.4+dfsg-1) unstable; urgency=medium
> 
>   * New upstream release
>   * Set DFSG build since the upstream tarball have changed a lot
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The "dfsg" marker is used solely for the purpose of removing non-free
parts or parts with missing licensing terms.  However, it is not clear
to me with the current wording whether this is the reason why we use
"dfsg" here.

Were the files removed under a non-free license (or missing a license)?

 * If yes, then please use that argument in the changelog a la:
   "Repacked the source package to remove some non-free files"
   (Feel free to adapt the wording)

 * If no, then please either reconsider the repacking or use the "ds"
   (short for "debian source") marker instead of "dfsg"[0].

=> This is my only "blocking" concern.

> [...]
> 
>  -- Paulo Vital <pvital@gmail.com>  Thu, 16 Nov 2017 11:50:24 -0200
> 
> 
>   Regards,
>    Paulo Vital
> 

Beyond my concern above, I also have a few suggestions for some
improvements to the packaging:

 * In debian/uscan-dfsg-clean.sh: Please use "-n" (e.g. "gzip -9n") to
   avoid adding an unnecessary and non-deterministic timestamp to the
   file.

 * debian/dirs: This file appears to be redundant as I can successfully
   build keychain without it.  I am sure it made sense long ago and no
   one discovered until now that it is no longer necessary. :)

 * debian/docs: I am not sure it makes sense to install keychain.pod as
   it is basically used to generate the manpage.  (I know you did not
   introduce this change; I just noticed it and thought it would make
   sense to bring it up).

 * The keychain package can build without using (fake)root.
   Please consider setting "Rules-Requires-Root: no" in d/control in
   the "Source" stanza.
   - It requires no changes to (Build-)Depends in keychain (even if you
     intend to backport keychain to stable once 2.8.4 hits testing)


... and some suggestions regarding the upstream code:

 * Makefile: Upstream uses "gzip -9" (without -n) which /would/ cause
   keychain to become "unreproducible"[1].  However, I suspect that
   dh_installman happens to save us as a side effect.
   - Please consider asking upstream to use "-n" with gzip to ensure
     that their build is natively reproducible.

None of these suggestions are mandatory for getting keychain updated.

Thanks,
~Niels

[0]
https://wiki.debian.org/DebianMentorsFaq#What_does_.2BIBw-dfsg.2BIB0_or_.2BIBw-ds.2BIB0_in_the_version_string_mean.3F

[1] https://reproducible-builds.org/
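
Added example (not part of the original message or of the keychain packaging): a shell check of the "gzip -9" versus "gzip -9n" point raised above. The file name and contents are constructed; only the input file's mtime changes between the two compression runs.

```shell
#!/bin/sh
# Constructed demonstration: does the gzip output depend on the input's mtime?

# Print the 4-byte MTIME field of a gzip header (bytes 4..7, RFC 1952) as hex.
gz_mtime() {
    od -An -tx1 -j4 -N4 "$1" | tr -d ' \n'
}

# same_output FLAGS
# Compress identical content twice with "gzip FLAGS", changing only the
# mtime of the input file in between. Returns 0 when both archives are
# byte-identical. Leaves the second archive's MTIME field in LAST_MTIME.
same_output() {
    flags=$1
    work=$(mktemp -d) || return 2
    printf 'constructed man page body\n' > "$work/keychain.1"

    touch -t 201711161150 "$work/keychain.1"
    gzip "$flags" -c "$work/keychain.1" > "$work/first.gz"

    touch -t 201801010000 "$work/keychain.1"
    gzip "$flags" -c "$work/keychain.1" > "$work/second.gz"

    LAST_MTIME=$(gz_mtime "$work/second.gz")
    cmp -s "$work/first.gz" "$work/second.gz"
    rc=$?
    rm -rf "$work"
    return $rc
}

for flags in -9 -9n; do
    if same_output "$flags"; then
        echo "gzip $flags: identical output (MTIME field $LAST_MTIME)"
    else
        echo "gzip $flags: output differs (MTIME field $LAST_MTIME)"
    fi
done
```

With "-n" the MTIME field is written as zero and the original file name is left out of the header, so the archive depends only on the file contents.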
