[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#747169: RFS: socksjs-twisted/1.2.1-1 [ITP]

Hi Alexandre,

2014-09-11 9:27 GMT-03:00 Alexandre Rossi <alexandre.rossi@gmail.com>:

>>    - Please, create a VCS to control your debian/ versions. You can
>> use github or other. So, add the Vcs-Browser and Vcs-{Git|Svn|Cvs} to
>> d/control. You can see an example here[1].
>
> Done.


You need use 'git://' to Vcs-Git, intead of 'https://'.


>> 2. d/copyright:
>>
>>     - Use the verbatim license from upstream code (LICENSE file). As
>> an example, the upstream says "Neither the name of the Christopher
>> Gamble nor the names of its", while the d/copyright says "Neither the
>> name of Oracle nor the names of its".
>
> Fixed.
>
>>     - I found this:
>>
>> qunit/html/static/qunit.css: * Copyright (c) 2011 John Resig, Jörn Zaefferer
>> qunit/html/static/qunit.css- * Dual licensed under the MIT (MIT-LICENSE.txt)
>> qunit/html/static/qunit.css- * or GPL (GPL-LICENSE.txt) licenses.
>>
>> Please, check each file and its licenses. I suggest 'grep -sriA25
>> copyright *' to help you.
>
> I fixed it and other stuff.


Please, I found new names as Ariel Flesler and The Dojo Foundation
(from your patch).

How you concluded that txsockjs/websockets.py is under MIT license? Do
you checked this information at this site[1]?

[1] http://twistedmatrix.com/trac/browser/branches/websocket-4173-2?rev=29073

If yes, the license must be put inside the source code. From MIT
license: "The above copyright notice and this permission notice shall
be included in all copies or substantial portions of the Software.".
So, if no have references in source code (about the license and
origin), the upstream didn't can distribute this code without break
the licensing rules.

I am very concerned because I think that the upstream source code has
several files or extracts of codes from other upstreams without
licenses. If yes, the socksjs-twisted upstream needs to fix this
issue.


>> 3. What makes your patch? My impression is that you are "injecting" a
>> third-part code in upstream. Is this? If yes, you must add it as an
>> dependency of the package. If not packaged, you need package it.
>
> The patch adds the missing source for minified js files. See
> https://lintian.debian.org/tags/source-is-missing.html


Ok. But the lintian says: "add it to "debian/missing-sources"
directory". And as I said, this code must be referenced in
d/copyright.

What is the origin of this code? (you must add it to the patch header)

There is this code packaged in Debian?


>> 6. Do you see these lintian messages?
>>
>> P: sockjs-twisted source: source-contains-prebuilt-javascript-object
>> qunit/html/static/jquery.min.js
>> P: sockjs-twisted source: source-contains-prebuilt-javascript-object
>> qunit/html/static/qunit.min.js
>
> Those are fixed by the patch and are false positives, see above and a
> lintian bug :
> https://bugs.debian.org/744972


I can be wrong. But the pointed site is about missing sources. Please see it[2].

[2] https://lintian.debian.org/tags/source-contains-prebuilt-javascript-object.html

Alexandre, I am unconfortable with this package. I need your attention
to explain/fix the issues.

Cheers,

Eriberto
Reply to: