Control: owner -1 !
Control: tags -1 + moreinfo

I intend to sponsor this.

On Thu, 18 Jan 2018 21:42:33 +0100 Maxime Werlen wrote:

> I am looking for a sponsor for my package "urlwatch"

These issues block the upload of this package:

The package FTBFS in a clean chroot, you need to package minidb and build-depend on python3-minidb, python3-setuptools, python3-keyring, python3-appdirs and python3-requests.

https://wiki.debian.org/pbuilder

It would be nice to fix these issues at some point:

When you package minidb, if possible, please also make a python-minidb package so that you can report a bug against gpodder to get it to use the system minidb as it currently includes a minidb copy.

I would suggest stripping the DEPENDENCIES section from README.md in the installed binary package since users of the binary package will already automatically get the dependencies installed.

I would suggest adding a NEWS.Debian about migrating from the legacy hooks to the new class-based filter system.

debian/copyright has an incorrect copyright year for the upstream code, upstream mentions 2016 but debian/copyright has 2018.

debian/copyright should have BSD-3-Clause rather than BSD-3-Clause.

debian/clean can probably be reduced to one line:

lib/urlwatch.egg-info/

I like to wrap and sort the debian directory:

wrap-and-sort --short-indent --wrap-always --sort-binary-packages --trailing-comma

I like to wrap debian/watch to separate fields:

version=3
opts="filenamemangle=s/(\d[\d\.]*)\.tar\.gz/urlwatch-$1.tar.gz/" \
https://github.com/thp/urlwatch/releases \
(?:.*/)?v?(\d[\d\.]*)\.tar\.gz

uscan fails unless I delete the debian/watch opts:

$ uscan --verbose --download-current-version --destdir .
...
uscan info: Executing internal command:
   mk-origtargz --package urlwatch --version 2.7 --rename --compression gzip --directory . --copyright-file debian/copyright .//thp/urlwatch/archive/urlwatch-2.7.tar.gz
Could not read .//thp/urlwatch/archive/urlwatch-2.7.tar.gz: No such file or directory at /usr/bin/mk-origtargz line 397.
uscan: error: mk-origtargz --package urlwatch --version 2.7 --rename --compression gzip --directory . --copyright-file debian/copyright .//thp/urlwatch/archive/urlwatch-2.7.tar.gz subprocess returned exit status 2

Please add some upstream metadata:

https://wiki.debian.org/UpstreamMetadata

Please ask upstream to sign their commits and tarballs with OpenPGP:

https://mikegerwitz.com/papers/git-horror-story
https://wiki.debian.org/Creating%20signed%20GitHub%20releases

Upstream should give a warning when the legacy hooks are being used.

Upstream is storing a cache file in the xdg config directory, I suggest that they probably need to read the specs and fix the code/docs:

https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html

examples_path.diff is still present in the source package but is not present in the series file. IMO it should either get deleted or still be present in the series file, possibly commented out and with a reason for being disabled in a comment before that.

Automatic checks:

lintian

P: urlwatch source: file-contains-trailing-whitespace debian/changelog (line 5)
P: urlwatch source: file-contains-trailing-whitespace debian/control (line 5)
P: urlwatch source: file-contains-trailing-whitespace debian/control (line 21)
P: urlwatch source: file-contains-trailing-whitespace debian/rules (line 7)
P: urlwatch source: package-uses-old-debhelper-compat-version 10
P: urlwatch source: insecure-copyright-format-uri http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
I: urlwatch source: testsuite-autopkgtest-missing
P: urlwatch source: debian-watch-may-check-gpg-signature

build

/usr/lib/python3.6/distutils/dist.py:261: UserWarning: Unknown distribution option: 'copyright'

check-all-the-things

$ find .. -maxdepth 1 -type f -iwholename '../*.build' -exec grep -nHw E {} +
../urlwatch_2.7-1_amd64.build:375:E: pybuild pybuild:283: clean: plugin distutils failed with: exit code=1: python3.6 setup.py clean

$ find .. -maxdepth 1 -type f -iwholename '../*.build' -exec grep -nHi error {} +
../urlwatch_2.7-1_amd64.build:374:ModuleNotFoundError: No module named 'setuptools'
../urlwatch_2.7-1_amd64.build:378:make: *** [clean] Error 25
../urlwatch_2.7-1_amd64.build:379:dpkg-buildpackage: error: fakeroot debian/rules clean subprocess returned exit status 2

$ find .. -maxdepth 1 -type f -iwholename '../*.build' -exec grep -nHi warn {} +
../urlwatch_2.7-1_amd64.build:6:/usr/lib/python3.6/distutils/dist.py:261: UserWarning: Unknown distribution option: 'copyright'
../urlwatch_2.7-1_amd64.build:7:  warnings.warn(msg)

$ env PERL5OPT=-m-lib=. cme check dpkg
Warning in 'control source Standards-Version' value '4.1.3': Current standards version is '4.1.1'. Please read file:///usr/share/doc/debian-policy/upgrading-checklist.txt.gz to check what changes need to applied to your package to upgrade it from standard version '4.1.3' to '4.1.1'.
Warning in 'control source Vcs-Browser' value 'https://anonscm.debian.org/git/collab-maint/urlwatch.git': URL is not the canonical one for repositories hosted on Alioth.
Warning in 'copyright Format' value 'http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/': Format uses insecure http protocol instead of https
Configuration item 'source format' has a wrong value: enum type does not know '3.0 (quilt) extend-diff-ignore="^[^/]+\.egg-info/"'. Expected '1.0' or '2.0' or '3.0 (native)' or '3.0 (quilt)' or '3.0 (custom)' or '3.0 (git)' or '3.0 (bzr)'

$ env PERL5OPT=-m-lib=. duck
I: debian/copyright:1: URL: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/: INFORMATION (Certainty:possible)
   URL schema changed from HTTP to HTTPS during redirect(s): http://www.debian.org -> https://www.debian.org
   Please investigate and update the URL eventually, to avoid unneccesary redirects!
I: debian/copyright:4: URL: http://thpinfo.com/2008/urlwatch/: INFORMATION (Certainty:possible)
   Domain redirect detected: http://thpinfo.com -> https://thp.io. Probably a new upstream website?
I: debian/control: Homepage: http://thpinfo.com/2008/urlwatch/: INFORMATION (Certainty:certain)
   Domain redirect detected: http://thpinfo.com -> https://thp.io. Probably a new upstream website?

# check if these can be switched to https://
$ grep -nHrF http: .
<lots>

# This command checks style. While a consistent style
# is a good idea, people who have different style
# preferences will want to ignore some of the output.
# Do not bother adding non-upstreamable patches for this.
$ proselint .
./README.md:87:44: typography.symbols.ellipsis '...' is an approximation, use the ellipsis symbol '…'.

# This command checks style. While a consistent style
# is a good idea, people who have different style
# preferences will want to ignore some of the output.
# Do not bother adding non-upstreamable patches for this.
$ find . -type f -iname '*.py' -exec pycodestyle --ignore W191 {} +
/usr/lib/python3/dist-packages/pycodestyle.py:2190: UserWarning: [pep8] section is deprecated. Use [pycodestyle].
  warnings.warn('[pep8] section is deprecated. Use [pycodestyle].')
./test/test_handler.py:113:121: E501 line too long (121 > 120 characters)

# This command checks style. While a consistent style
# is a good idea, people who have different style
# preferences will want to ignore some of the output.
# Do not bother adding non-upstreamable patches for this.
$ pydocstyle .
<lots>

$ find . -type f -iname '*.py' -exec pylint3 --rcfile=/dev/null --msg-template='{path}:{line}:{column}: [{category}:{symbol}] {obj}: {msg}' --reports=n {} +
<lots>

$ python3-bandit -r .
<lots>

$ find . -type d \( -iname .bzr -o -iname .git -o -iname .hg -o -iname .svn -o -iname CVS -o -iname RCS -o -iname SCCS -o -iname _MTN -o -iname _darcs -o -iname .pc -o -iname .cabal-sandbox -o -iname .cdv -o -iname .metadata -o -iname CMakeFiles -o -iname _build -o -iname _sgbak -o -iname autom4te.cache -o -iname blib -o -iname cover_db -o -iname node_modules -o -iname '~.dep' -o -iname '~.dot' -o -iname '~.nib' -o -iname '~.plst' \) -prune -o -type f ! \( -iname '*.bak' -o -iname '*.swp' -o -iname '#.*' -o -iname '#*#' -o -iname 'core.*' -o -iname '*~' -o -iname '*.gif' -o -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' -o -iname '*.min.js' -o -iname '*.js.map' -o -iname '*.js.min' -o -iname '*.min.css' -o -iname '*.css.map' -o -iname '*.css.min' -o -iname '*.wav' \) -exec env PERL5OPT=-m-lib=. spellintian --picky {} +
./README.md: V V (duplicate word) -> V
./README.md: python -> Python
./README.md: api -> API
./.travis.yml: python -> Python
./debian/changelog: mentionned -> mentioned
./debian/changelog: versionned -> versioned
./debian/changelog: python -> Python

$ grep -nHriE 'fixme|todo|hack|xxx+|broken' .
./lib/urlwatch/reporters.py:309: # FIXME: This isn't ideal, but works for now...
./lib/urlwatch/reporters.py:357: # TODO set_password(options.email_smtp, options.email_from)

$ vulture .
<lots>

# These calls are potentially vulnerable to Python code injection
$ find . -type f -iname '*.py' -exec grep -nHF 'yaml.load' {} +
./lib/urlwatch/storage.py:283: return yaml.load(fp)
./lib/urlwatch/storage.py:320: return yaml.load_all(fp)
./lib/urlwatch/storage.py:331: return [JobBase.unserialize(job) for job in yaml.load_all(fp) if job is not None]

$ find . -type f \( -iname '*.yaml' -o -iname '*.yml' -o -iwholename ./debian/upstream/metadata -o -iwholename ./debian/upstream/edam \) -exec yamllint {} +
./test/data/urlwatch.yaml
  1:1 warning missing document start "---" (document-start)

./.travis.yml
  1:1 warning missing document start "---" (document-start)
  6:15 warning too few spaces before comment (comments)
  7:15 warning too few spaces before comment (comments)

-- 
bye,
pabs

https://wiki.debian.org/PaulWise