Re: RE : SAGE in Debian status page
Hi Frédéric,
I just checkout your package and now there is only one lintian complain about the hardening
[...]
For some reson, it does not complain on my machine (after reading
CPPFLAGS etc. from the environment).
- I can see that you did not use dpkg-buildflags in your rules file
please read this page [1] and follow the advices to add the hardening flags to your package.
I thought the flags would be automatically exported to the environment
using recent versions of debhelper. But it seems, that this is not the
case. (Unfortunately, lintian didn't complain on my system about this.)
I fixed that.
- I see also some inconsistencies in the package,
the compat file contain 7 and the minimum debhelper from the control file says>=5
you should switch to at least 8.
I consistently switched to 9.
- you should use cme to help you fix the control and copyrigh files like this
cme fix dpkg-control
cme fix dpkg-copyright
this program is provided by this package
ii libconfig-model-dpkg-perl 2.030 all editor for Dpkg source files with validation
I have to postpone this, since I did not get this working on unbuntu
12.04 due to missing (outdated) build dependencies. (Are there suitable
binaries around?)
at this occasion you should switch to the DEP5 copyright format before running cme on the copyright.
look for licensecheck2dep5 that can help you.
- your package seems to use the -release versionning schema [2], does it mean that your library change its API at each release ?
Currently the ABI might still change form release to release.
* If what you are "selling" to your users is only the python module, it should be nice to avoid provinding the libraries at all.
this would reduce a lot the amount of work for the maintenance of X verison of the libraries.
Sage uses the library interface, so I have to provide users' access to
the libraries.
* if you are providing also the c++ library and the dev environment with the -dev package, you should also provide a -dbg package.
Since I'll stay with the -dev package, I've added the -dbg package(s).
nevertheless If your package is API compatible with the previous 0.5~rc1-2.2, you should reconsider the naming schema of your libraries.
The package is definitively incompatible to 0.5.
* one other good practice is also to package only one library per binary package, but you bundled two of them in
your binary.
I've added another package libpolybori-groebner, and -dbg and pushed it.
* so please read all [2] and explain me what is your plan for polybori, thanks.
For now I have to go with the -release method.
- you should acknowledge or not also the .2 NMU
Acknowledged at http://wiki.debian.org/LowThresholdNmu .
- since you are part of the upstream, I would encourage you to read also this document[3] which explain why scons should be avoid as much as possible.
Especially, when it will comes to multi-archify your package :).
I might consider moving from scons later, but not on short notice.
(BTW polybori contains several workarounds for several arch-related
scons issues.)
I know this is lot's of work but the quality of the overall distribution dependes on this.
I appreciate the suggestios and comments.
I still have to do the "cme fix"-part. But perhaps you can already have
a look at me recent commits to ensure that the other issues were
resolved accordingly.
thanks for your efforts on the packaging side and for polybori itself.
You're welcome!
Best regards,
Alexander
[1] http://wiki.debian.org/HardeningWalkthrough
[2] http://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html#id291350
[3] http://wiki.debian.org/UpstreamGuide
--
Dr. rer. nat. Dipl.-Math. Alexander Dreyer
Abteilung "Systemanalyse, Prognose und Regelung"
Fraunhofer Institut für Techno- und Wirtschaftsmathematik (ITWM)
Fraunhofer-Platz 1
67663 Kaiserslautern
Telefon +49 (0) 631-31600-4318
Fax +49 (0) 631-31600-5318
E-Mail alexander.dreyer@itwm.fraunhofer.de
Internet http://www.itwm.fraunhofer.de/sys/dreyer.html
Reply to: