control: tag -1 -moreinfo
Hello,
On Wed, Jul 20, 2016 at 02:40:57PM +0800, Paul Wise wrote:
> On Wed, Jul 20, 2016 at 7:25 AM, Sean Whitton wrote:
>
> > I am looking for a sponsor for my package self-destructing-cookies.
>
> I am willing to sponsor this.
Thank you for your feedback :)
> > With this addon installed, Firefox will delete cookies and
> > LocalStorage when there are no longer any open tabs using those
> > cookies or LocalStorage entries. Sites whose cookies or
> > LocalStorage you want to keep may be whitelisted.
>
> Nice. If you are in contact with upstream, it might be interesting to
> have the cookies/LocalStorage also restricted to individual tabs or
> windows.
I wouldn't want to use this myself. What I like about this addon is
that it is really close to the default cookie/local storage setup that
sites (validly) assume 99% of people are using. I often keep a tab open
in the background that keeps me logged into a site, do what I need to do
with that logged in status, and then close the background tab.
Of course, other people might prefer doing things in the way you
suggest, but it seems like the problem is a hard one.[2] Anyway, I've
forwarded your suggestion to upstream.
> mozilla-devscripts 0.47 needs to be in unstable (currently just in
> buildd-unstable).
It's in unstable now, but could you explain why this was something we
had to wait on? I thought that DAK would do the right thing if we went
ahead and uploaded.
> Please use Ove's full name in debian/copyright, same as in the
> upstream code.
Fixed.
> There is one file that looks like it might be MPL not GPL-2+
Fixed, whoops.
> What is JPM? I don't see it used in the build log but the upstream
> changelog says it is used during build. Does this mean that you
> haven't packaged the actual upstream source, just their generated XPI
> file?
According to [1], JPM is a simple command-line tool to make developing
addons easier. It doesn't perform any building other than packing the
source into an .xpi, for which we have dh_xul-ext.
I confirmed with upstream that there is no source code repository other
than the contents of the .xpi file that I obtained from
addons.mozilla.org. There is no build process that converts some other
source code into the contents of the .xpi file.
So in summary the changelog entry probably shouldn't be there; it's like
saying "the author of this python library now uses pylint during
development" in a changelog.[3]
> Some PNG files might be missing their SVG source, please clarify with
> upstream and see the automatic checks section below.
Upstream sent me a copy, and I've included it in
debian/missing-sources/. They will include all .svg files in the next
release.
> package.json says the license is GPL 2 not GPL-2+.
Patched and forwarded.
> I don't think you need both formats of the upstream changelog in the
> binary package.
I would prefer to install both of them. I can imagine a user browsing
to the directory in a graphical file manager and wanting to open the
HTML file, and a user of a different temperament using a terminal pager.
> Please add some upstream metadata:
> https://wiki.debian.org/UpstreamMetadata
Done, and I filed a wishlist bug against Lintian to have it suggest
adding upstream metadata.
> It would be nice if uscan/mk-origtargz would build its repacked
> tarballs in a bit-identical/reproducible way. Could you file a bug
> about that please?
Somebody already has: #807270.
> What is the format of the data that amo-changelog downloads? I think
> it would be better to download and store that, then do the conversion
> to rst/html at package build time.
It downloads it as RSS (XML), and then converts this. amo-changelog
does not expose its conversion functions, so rather than come up with an
ad hoc solution for this package, I've filed #833008.
> P: self-destructing-cookies source: debian-watch-may-check-gpg-signature
Overridden. Suggested to upstream.
> $ codespell --quiet-level=3 ./lib/gui-australis.js:315: indentifier
> ==> identifier ./lib/gui-android.js:169: indentifier ==> identifier
> ./lib/gui-desktop.js:317: indentifier ==> identifier
This is in a code comment, so I'm not going to prepare a patch.
> ./debian/upstream/changelog.html:6: compatiblity ==> compatibility
> ./debian/upstream/changelog:4: compatiblity ==> compatibility
I don't want to patch these files since the fixes will get overwritten
by amo-changelog, but I have informed upstream of the error.
> $ find \( -name .git -o -name .svn -o -name .bzr -o -name CVS -o -name
> .hg -o -name _darcs -o -name _FOSSIL_ -o -name .sgdrawer \) -prune -o
> -empty -print
> ./doc/main.md
I believe that upstream has this empty file to satisfy Mozilla packaging
conventions. My package does not install it.
> $ fdupes -q -r . | grep -vE
> '/(\.(git|svn|bzr|hg|sgdrawer)|_(darcs|FOSSIL_)|CVS)(/|$)' | cat -s
> ./icon.png ./data/sdc64.png
Now using dh_link.
> # check if these can be switched to https://
> $ grep -rF http: .
> Binary file ./META-INF/mozilla.rsa matches
> ./lib/src-smarttab.js: this.tracker.decRefs(URL("http://"; +
> active[d]), STYLE_TOP);
> ./lib/src-smarttab.js: this.tracker.incRefs(URL("http://"; +
> active[d]), STYLE_TOP);
> ./lib/src-smarttab.js: this.tracker.decRefs(URL("http://"; +
> expired[d]), STYLE_TOP);
> ./lib/main.js: var uri = ioService.newURI("http://"; +
> (domain.startsWith(".") ? domain.substr(1) : domain), null, null);
> ./lib/main.js: var uri = ioService.newURI("http://"+domain, null, null);
> ./lib/main.js: var uri = ioService.newURI("http://"+domain, null, null);
> ./install.rdf:<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#";
> xmlns:em="http://www.mozilla.org/2004/em-rdf#";>
> ./bootstrap.js: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
> ./debian/copyright: along with this program. If not, see
> <http://www.gnu.org/licenses/>.
Switched to https in the Debian copyright file. Rather than break
anything in the actual codebase, I've forwarded the list to upstream and
suggested they look into changing it.
> $ uscan --download-current-version --destdir .
> uscan: Newest version of self-destructing-cookies on remote site is
> 0.4.10, specified download version is 0.4.10
> uscan warn: Possible OpenPGP signature found at:
> https://addons.mozilla.org/firefox/downloads/file/423258/self_destructing_cookies-0.4.10-an+fx.xpi?src=version-history.asc.
> Please consider adding opts=pgpsigurlmangle=s/$/.asc/
> to debian/watch. see uscan(1) for more details.
False positive. The .asc is in the query string and this URI is a link
to the .xpi file. Filed #833012.
Package updated on mentors and in my git repository.
[1] https://developer.mozilla.org/en-US/Add-ons/SDK/Tutorials/Getting_Started_%28jpm%29
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=117222#c286
[3] Excluding the case where pylint got added to a Makefile, or something.
--
Sean Whitton
Attachment:
signature.asc
Description: PGP signature