Bug#961417: RFS: libudfread/1.0.0-1 -- UDF reader library
> + Vcs-* have to point to the packaging repository, not the upstream
> one. Since this is something maintained by the multimedia team
> (according to Maintainer) it should have a repo within the multimedia
> team space.
Fixed by setting Maintainer to me until I get into the team. I have not even raised
the application intent yet.
> + Homepage points to the upstream VCS: doesn't this project have a real
Well, it is, but it is sometimes not accessible. Added it anyway.
> + Both descriptions are way way too short (1 line). please strive to
> find at least 3 lines...
> + those two files are totally useless, get rid of them
Shot them dead ;)
> + you are installing the .a file: do you really need it? As a personal
> policy I try to remove static libraries rather than adding them…
I often link software statically, especially targeting Android.
So I guess keeping static library won't hurt as part of -dev
> + Please add the "Initial upload" words in there :)
> + since you are using dh compat 13, you can go and use
> "execute_before_dh_installexamples" instead of the current override
> + you may prefer to add that .la file in d/not-installed instead of
> overriding dh_missing that way (also relevant if you stop installing
> the .a file).
Good catch, thanks! Now I can keep not-installable things sane.
> + I see that debian/* has a different license than the rest of the
> package. Theoretically that might cause issue if for example sombody
> writes a patch for debian, place it under the debian/* license (GPL2+
> in this case). That patch then it would taint the upstream license,
> as combining code with LGPL2.1 and GPL2+ leads to something that is
> only GPL2+, likely something that upstream wouldn't want.
> + furthermore, the project is not released under LGPL-2.1, but
> LGPL-2.1+ ... please pay attention to these details
Yes, I double-checked their licenses and fixed d/copyright
> + in the copyright you wrote "2014-2020 VLC authors and VideoLAN", but
> I can't find any year later than 2017. Lastly, I see all files have
> only one "Author:" listead in them, I'd find nice if you added at
> least a Comment: line in that "Files: *" paragraph mentioning that
> single author.
> + you missed m4/attributes.m4 - please take note that that GPL-2+ file
> has a special exception
>* you uploaded a .asc file, but you have not provided either public
> signing key in d/upstream/signing-key.asc nor set an appropriate pgp
> option in d/watch. Nor I can find any signature on the upstream
> repository (note that I haven't tried to check the signature). Where
> is it coming from?
It was my signature as recommended in one of thousand Debian Wiki pages
I read. As you clarified in pr8vate, this was useless so I recreated repo and pushed
the fixed package to mentors queue.
Thanks for review! :)