Bug#647090: Review for the package on mentors.debian.net
Michael, I'm CCing you as it looks like you did not yourself to owner
of bug 647090, thus likely not getting mails sent to this bug report.
(Did you get the mail from Aron Xu, I'm quoting in this mail?).
* Aron Xu <happyaron.xu@gmail.com> [120120 15:59]:
> I had a quick look at your package on mentors.debian.net, and here are
> my comments:
>
> 1.As you have updated the package to use debhelper compatible level 8,
> the use of source format 3.0 is highly recommended. What you need to
> do is:
> $ mkdir debian/source
> $ echo "3.0 (quilt)" > debian/source/format
> Then review your patches against the build system (*/config.[mk,h])
> and make them maintained using quilt in debian/patches/ .
The patches also look like you do not need to patch anything at all,
but some make command line argument could do the same trick.
That would then also converting it to 3.0 (quilt) much easier.
Related to this:
> 4.debian/watch is missing. If you can, please add a watch file.
More broad question: where is that .orig.tar file from? I cannot
find anything on the website.
If that is repackaged from some other tarballs, it should rather be
a "3.0 (quilt)" with some component tarballs that then can be the
original upstream files.
> 2.Can you explain why usr/bin/slock should be setuid? I can guess that
> it's an screen locker so it may need the privilege to do its job, but
> since it is a potential security hole please document it in
> README.Debian for it.
slock seems to not support PAM thus only be quite limited in what
authentication it supports. Perhaps it might be better to remove that
then...
Some other point:
* It would be nice if dpkg-buildflags flags were used.
(Or some other way to support DEB_BUILD_OPTIONS=noopt, but
dpkg-buildflags is easier and better). That would also solve
the problem of not building -g by default as suggested by policy.
Bernhard R. Link
Reply to: