Bug#961417: RFS: libudfread/1.0.0-1 -- UDF reader library

On Sun, May 24, 2020 at 12:11:42PM +0000, Vasyl Gello wrote:
>   dget -x https://mentors.debian.net/debian/pool/main/libu/libudfread/libudfread_1.0.0-1.dsc

* d/control:
 + Vcs-* have to point to the packaging repository, not the upstream
   one.  Since this is something maintained by the multimedia team
   (according to Maintainer) it should have a repo within the multimedia
   team space.
 + Homepage points to the upstream VCS: doesn't this project have a real
 + Both descriptions are way way too short (1 line). Please strive to
   find at least 3 lines...
* d/*.dirs
 + those two files are totally useless, get rid of them
* libudfread-dev.install
 + you are installing the .a file: do you really need it?  As a personal
   policy I try to remove static libraries rather than adding them…
* d/changelog:
 + Please add the "Initial upload" words in there :)
* d/rules:
 + since you are using dh compat 13, you can go and use
   "execute_before_dh_installexamples" instead of the current override
 + you may prefer to add that .la file in d/not-installed instead of
   overriding dh_missing that way (also relevant if you stop installing
   the .a file).
* d/copyright:
 + I see that debian/* has a different license than the rest of the
   package.  Theoretically that might cause issues if, for example,
   somebody writes a patch for debian and places it under the debian/*
   license (GPL2+ in this case).  That patch would then taint the
   upstream license, as combining code with LGPL2.1 and GPL2+ leads to
   something that is only GPL2+, likely something that upstream
   wouldn't want.
 + furthermore, the project is not released under LGPL-2.1, but
   LGPL-2.1+ ... please pay attention to these details
 + in the copyright you wrote "2014-2020 VLC authors and VideoLAN", but
   I can't find any year later than 2017.  Lastly, I see all files have
   only one "Author:" listed in them, I'd find it nice if you added at
   least a Comment: line in that "Files: *" paragraph mentioning that
   single author.
 + you missed m4/attributes.m4 - please take note that that GPL-2+ file
   has a special exception
* you uploaded a .asc file, but you have neither provided a public
  signing key in d/upstream/signing-key.asc nor set an appropriate pgp
  option in d/watch.  Nor can I find any signature on the upstream
  repository (note that I haven't tried to check the signature).  Where
  is it coming from?

                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
More about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-

