Hi > A few things about your package: > > - First, there has a been a new upstream release as of 5/2/2007, you > should update. (Please also see the note below about your changelog.) ok, I've packaged a new version and uploaded it to debian. > - The md5sums of the contents of the .orig.tar.gz don't match the > md5sums of the contents of the .xpi. (I understand that you had to tar > up the .xpi, which is why I did not just check the sums of the .xpi > and the .orig.tar.gz. However, the chrome/noscript.jar and > install.rdf files differ. The difference in the install.rdf is a > single character in a version string. The noscript.jar files > differ, but all of their contents are the same. This is just > something of which you need to be aware since you must always > repackage your upstream release.) I don't understand: I find the same md5sums on chrome/noscript.jar and install.rdf if I compare .orig.tar.gz and .xpi. > - Your changelog needs fixing. You have many entries, when in fact > this would be the first one to make it to the archive. Unless you > have widely released the package already, you should just have a > single changelog entry "Initial release. (Closes: #411403)". ok, I've corrected that > - I think you are going the long way about repackaging the upstream > release. The uupdate command supports zip files. I think that if > you simply download the .xpi, rename it to .zip and use uupdate, it > will figure everything out for you. I would play around with that > some, as it might save you time in the future. Thanks, yes, it is really useful. So now, is debian/README.Debian-source correct ? > - In your debian/copyright file, the URL which it mentions from where > you obtained the software gives a 404. The new URL appears to be > https://addons.mozilla.org/firefox/722/ Thanks, addons software has changed a few weeks ago. 404 has probably appeared at that moment. Anyway, I changed url (see below) > - I really like how you got rid of all the crap sites from the > pre-packaged whitelist. However, this might confuse users who come > from using this somewhere else. It is best if you add a > README.Debian file and make note of which domains which are normally > whitelisted that you have removed. ok, I've corrected that. > - Your debian/rules file is very clean. (It looks much nicer than my > first few packages :). thanks > - I like that you use dpatch and don't change the package files > themselves. Personally, I think the .diff.gz should never touch > anything outside of the debian/ directory. thanks > - Your watch file works. However, be aware that the site to which you > direct it does not have any release listed for more than two months. > If you can find a better one, that would be good. I think that since > the watch file supports parsing html links, you could point it at the > noscript.net download page. There is a "direct download" link on > that page. Oups, it looks like there are no releases in that directory anymore since they changed addons software. So, I've done as you suggest, and watch file now points to noscript.net/getit > - The package is lintian clean and linda clean. That is excellent. It > also passes piuparts. If you do not already do so, make sure that > you run these three tools on all your packages. thanks, I was not aware of linda. I was also not aware of piuparts: I tried it but did not understand it. I'll have a deeper look at that tool in the future. > > If you fix up these issues, I would be happy to sponsor this package for > you. > Thanks a lot. But I have a question: what happens when I want to release a new version (if there is new version upstream, or if I want to fix potential bugs in package) ? Do I have to contact you, or shall I find another mentor ?
Attachment:
signature.asc
Description: OpenPGP digital signature