Bug#965363: RFS: opencpn/5.2.0+dfsg-1 [RC] -- Open Source Chartplotter and Marine GPS Navigation Software
Hi Tobias,
Thanks for taking some time for this!
On 08/09/2020 16:29, Tobias Frost wrote:
> a short review:
>
> * New upstream release including plugin downloader. Closes: 948702
>
> It is a privacy violation to download stuff. Do you inform your user about it?
Not really. Do you think a patch is motivated? If so, for each and every
plugin, or just for the first one?
> Are the downloads somehow validated that it won't execute malicious / (MITM)
> modified code?
I'm fairly active upstream where these plugins are created. They all
live on github, and the sources are available.
The actual list of downloadable plugins (the plugin catalog) is kept
under tight control upstream.
> (It would be better if plugins of relevance would be packaged.)
It's just not feasible. There are some 20 plugins, and just the
administrative work is IMHO prohibitive. Also, the user experience is
built around a workflow which does not fly using packaged plugins.
> Consistency: in other changelog entries you write a #bugnumber, here only
> bugnumer…
>
> * Add two plugin compatiblity patches (#1997).
The lower numbers are upstream bugs. Sort of obvious, but only for me...
Should the notation opencpn#1997 work?
> Spelling error:
> W: opencpn-plugins: spelling-error-in-changelog compatiblity compatibility
Agreed, will fix
> - d/copyright has some todos:
"blushes" Will fix.
> - compat-level is still at 12.
Actually on purpose to make ubuntu backports somewhat easier. I could
certainly upgrade if you feel that this is the correct decision.
Sending this reply now so I hopefully can get some more input before
doing real work.
Again: thanks for reviewing!
Cheers!
--alec
Reply to: