On Tuesday 17 May 2005 8:53 am, Gunnar Wolf wrote: > > You don't need to be a DD to contribute to Debian - Personally, I am > sorry - I saw your list, but was (am?) too busy at the moment to do > anything about it. Anyway, the best way to get your packages to the > right people would probably be to start contributing to the Debian > Pkg-perl Alioth project [1] - Many current contributors are not DDs, > they only need to bug us DDs to do the uploads. > > Of course, regarding the note that Luk sent: You have to make sure the > package is completely policy compliant - If Net::SFTP depends on > packages not in the archive but all of them are DFSG-free, you have to > package them all and put them all in main. Where can licensing advise be received? Everything looks okay except the IDEA algorithm has a strange license. This library is covered by the following licence: ==================================================== Copyright (C) 1995, 1996 Systemics Ltd (http://www.systemics.com/) All rights reserved. This library and applications are FREE FOR COMMERCIAL AND NON-COMMERCIAL USE as long as the following conditions are adhered to. Copyright remains with Systemics Ltd, and as such any Copyright notices in the code are not to be removed. If this code is used in a product, Systemics should be given attribution as the author of the parts used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Systemics Ltd (http://www.systemics.com/) THIS SOFTWARE IS PROVIDED BY SYSTEMICS LTD ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.] ====================================================== I'm no lawyer. This license seems questionable to me. Is an account needed to stick packages on Alioth? Will somebody verify the work and report any discrepancies (seems obvious this is the case). To summarize, I have the following packages built and ready to be critiqued for quality. I am willing to fix any issues that may be found. libclass-loader-perl libconvert-ascii-armour-perl libconvert-pem-perl libcrypt-des-ede3-perl libcrypt-dh-perl libcrypt-idea-perl libcrypt-primes-perl libcrypt-random-perl libcrypt-rc4-perl libcrypt-rsa-perl libdata-buffer-perl libdigest-bubblebabble-perl libmath-gmp-perl libmath-pari-perl libnet-sftp-perl libnet-sshperl-perl libtie-encryptedhash-perl These are only about 2/3 of the dependencies for the Net::SFTP package, the rest are already in the debian archive. We use these packages on a daily basis so I know I've got all the dependencies met however it was a tangled web and it's possible that one or two dependencies may not be needed. Is there a way to check dependencies that doesn't require sifting through code looking at "use" statements? This is the first Perl stuff I've packaged. I just reviewed other Perl packages from the archive to get an idea of what to do. > > Yes, I think RFPs never really worked :-( But showing your work like > you did over six weeks ago _should_. > Well it's definitely something to consider improving (RFP/ITP) but it's better than nothing I suppose. As far as showing work here... my intent was just to wave a flag saying "If someone needs this stuff, here it is". When I got no reply I just figured Net:SFTP was only something that was more specialized to our business needs and that nobody else needed this stuff. I'm obviously game for improving Debian in any way and I would say better too many packages than not enough. At the same time I can only imagine that packages are often left unmaintained so it's an obvious need to have someone committed to keeping them up to date. Providing I got things packaged correctly, these Perl packages (other than dependencies) are pretty simple to package. I use watch files to update things and with the initial work over, the maintenance is pretty simple. In conclusion, how can I get these packages onto Alioth and can I expect constructive feedback and/or guidance on getting these packages up to an exceptable level of quality? I understand with Sarge looking to release by months end that everyone is extremely busy. I don't expect any hand holding nor do I expect getting these packages into the archive to be a simple and quick procedure. I'm obviously required to maintain these packages at work and I don't see that changing anytime soon. If I can get these packages to other Debian users as well as raise their level of quality and learn some valuable lessons along the way then I am 100% committed. > > You can also consider using dh-make-perl - If you just have to build > simple packages out of CPAN modules and you don't feel like > maintaining them in Debian, it's the easiest way out. Some of the packages have C files as well. I don't know that dh-make-perl will work (I've never used it). Like I said, the initial work is over and maintenance is a simple chore now. -- Eric Gaumer Debian GNU/Linux PPC egaumer@pagecache.org http://egaumer.pagecache.org PGP/GPG Key 0xF15D41E9
Attachment:
pgpnZlXXF3ACu.pgp
Description: PGP signature