[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#779377: RFS: classified-ads/0.03-1 / ITP

Am Donnerstag, den 26.03.2015, 01:19 +0200 schrieb Antti Järvinen:
> Dear Sirs,
> 
> there is now a new version available at 
> dget -x http://mentors.debian.net/debian/pool/main/c/classified-ads/classified-ads_0.05-1.dsc
> 
> After I have agreement with a sponsor, a re-re-review would be in order. 
> 
> The new-emitted lintian warning unused-license-paragraph-in-dep5-copyright 
> isn't exactly true, I think lintian fails to parse line
> License: LGPL-2.1-with-Nokia-Exception or GPL-3.0 or Nokia-nonfree
> that does make reference to LGPL-2.1 that indeed is included. 
> 
> This version tries to address all previously raised issues, including:
> d/changelog:
> - Removed changelog, added new with dch. Debian version is -1. Distribution
>   is unstable instead of experimental. Wrap-and-sort run. 
> d/control 
> - Cdbs now gone, I'm still not sure about d/rules format if it conforms
>   to dh9 format but at least it is simple.

Looks good.

>   If there is no version numbers in debhelper or dpkg-dev then lintian
>   thinks that
>   W: classified-ads source: package-needs-versioned-debhelper-build-depends 9
>   E: classified-ads source: depends-on-build-essential-package-without-using-version dpkg-dev
>   so the version numbers remain. 

You probably do not need the dpkg-dev dependency at all, do you?

>   libqt4-sql-sqlite dependency remains as it is used at runtime only
>   and sw is not functional without. Rest of the lib-deps are gone. 
> - Added Cvs-Git and Vcs-Browser. Debian packaging files are in branch
>   "debian" of repo pointed by Cvs-Git.

You need to add -b debian then to VCS-Git (Refer to Policy 5.6.26)

> - Changed maintainer e-mail addr
> 
> d/copyright
> - Changed to look like example above. Also added LGPL_EXCEPTION.txt
>   from original nokia sources into source code. LGPL is not included
>   verbatim in d/copyright to avoid 
>   E: classified-ads: copyright-should-refer-to-common-license-file-for-lgpl
>   instead a reference is made. 

Well, you should not copy the license *text* into d/copyright, but you
still need to put the license *grant* into it. 

The license grant is the header of your source files. So, you'd write

License: LGPL-2.1+
 Classified Ads is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
 License as published by the Free Software Foundation; either
 version 2.1 of the License, or (at your option) any later version.
 .
 Classified Ads is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 Lesser General Public License for more details.
 .
 On Debian systems, the full text of the GNU Lesser General Public
 License version 2.1 can be found in the file
 `/usr/share/common-licenses/LGPL-2.1'.
 
The first two paragraphs are the license grant, the last one is the
reference to the license text. 

Note, that your section for LGPL-2.1 is counted as unused as it is not
used as a license of its own. Here you would delete this and add the "On
Debian ..." sentences to the license grants of the complex license 
 "LGPL-2.1-with-Nokia-Exception or GPL-3.0 or Nokia-nonfree"

> general:
> - Huge high-resolution bitmaps removed from source

Not checked in the code, but this raises a flag: In Debian you need to
have the source in the preferred form for modifications and for images
this is the _best_ resolution.
(And as said earlier, you need to compute the lower resolution at build
time)	 

> - Manpage again slightly re-visited
> - Binary has a lot of key-handling inside. General rule is that no plaintext
>   private keys end up in filesystem file, that kind of material is kept in 
>   RAM only. Same applies to content originally sent encrypted, unless user 
>   specifically exports a file.
Did not check the code, but you also ensure that the RAM is not swapped
out?

> - Db file mode is set to 0600, good and rather obvious improvement
> - Lintian is now mostly quiet.
>
> --
> Antti Järvinen
> 
> 

This is only a short review -- I did only check above points due to
limited time.
One point I spotted is that d/control still has a "himself", please
rewrite gender neutral. 

Regarding my question regarding your plans for involvement into Debian
-- Do you want to share your thoughts about this?

-- 
tobi
Reply to: