[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#961417: RFS: libudfread/1.0.0-1 -- UDF reader library

>* d/control:
> + Vcs-* have to point to the packaging repository, not the upstream
> one. Since this is something maintained by the multimedia team
> (according to Maintainer) it should have a repo within the multimedia
> team space.

Fixed by setting Maintainer to me until I get into the team. I have not even raised
the application intent yet.

> + Homepage points to the upstream VCS: doesn't this project have a real
> homepage?

Well, it is, but it is sometimes not accessible. Added it anyway.

> + Both descriptions are way way too short (1 line). please strive to
> find at least 3 lines...
>* d/*.dirs
> + those two files are totally useless, get rid of them

Shot them dead ;)

>* libudfread-dev.install
> + you are installing the .a file: do you really need it? As a personal
> policy I try to remove static libraries rather than adding them…

I often link software statically, especially targeting Android.
So I guess keeping static library won't hurt as part of -dev

>* d/changelog:
> + Please add the "Initial upload" words in there :)

Doen :)

>* d/rules:
> + since you are using dh compat 13, you can go and use
> "execute_before_dh_installexamples" instead of the current override
> + you may prefer to add that .la file in d/not-installed instead of
> overriding dh_missing that way (also relevant if you stop installing
> the .a file).
>* d/copyright:

Good catch, thanks! Now I can keep not-installable things sane.

> + I see that debian/* has a different license than the rest of the
> package. Theoretically that might cause issue if for example sombody
> writes a patch for debian, place it under the debian/* license (GPL2+
> in this case). That patch then it would taint the upstream license,
> as combining code with LGPL2.1 and GPL2+ leads to something that is
> only GPL2+, likely something that upstream wouldn't want.

> + furthermore, the project is not released under LGPL-2.1, but
> LGPL-2.1+ ... please pay attention to these details

Yes, I double-checked their licenses and fixed d/copyright

> + in the copyright you wrote "2014-2020 VLC authors and VideoLAN", but
> I can't find any year later than 2017. Lastly, I see all files have
> only one "Author:" listead in them, I'd find nice if you added at
> least a Comment: line in that "Files: *" paragraph mentioning that
> single author.


> + you missed m4/attributes.m4 - please take note that that GPL-2+ file
> has a special exception


>* you uploaded a .asc file, but you have not provided either public
> signing key in d/upstream/signing-key.asc nor set an appropriate pgp
> option in d/watch. Nor I can find any signature on the upstream
> repository (note that I haven't tried to check the signature). Where
> is it coming from?

It was my signature as recommended in one of thousand Debian Wiki pages
I read. As you clarified in pr8vate, this was useless so I recreated repo and pushed
the fixed package to mentors queue.

Thanks for review! :)
Vasyl Gello
Reply to: