Bug#877610: RFS: libexif/0.6.21-2.1 [NMU]

To: Hugh McMaster <hugh.mcmaster@outlook.com>, 877610@bugs.debian.org
Subject: Bug#877610: RFS: libexif/0.6.21-2.1 [NMU]
From: Adam Borowski <kilobyte@angband.pl>
Date: Thu, 5 Oct 2017 02:03:47 +0200
Message-id: <[🔎] 20171005000347.6xxkbl5vjqmy22f3@angband.pl>
Reply-to: Adam Borowski <kilobyte@angband.pl>, 877610@bugs.debian.org
In-reply-to: <[🔎] ME1PR01MB0722F0BA22D3AE2D7F672F76F2720@ME1PR01MB0722.ausprd01.prod.outlook.com>
References: <[🔎] ME1PR01MB0722F0BA22D3AE2D7F672F76F2720@ME1PR01MB0722.ausprd01.prod.outlook.com> <[🔎] ME1PR01MB0722F0BA22D3AE2D7F672F76F2720@ME1PR01MB0722.ausprd01.prod.outlook.com>

On Tue, Oct 03, 2017 at 12:14:30PM +0000, Hugh McMaster wrote:
> I am looking for a sponsor for the package "libexif".
> 
> Changes since the last upload:
> 
>   * Non-maintainer upload.
>   * debhelper update:
>     - Update package compatibility to level 10.
>   * debian/control:
>     - Bump debhelper build-dep to >= 10~.
>     - Remove dh-autoreconf from the Build-Depends list, as debhelper
>       enables the 'autoreconf' sequence by default.
>     - Bump Standards-Version from 3.9.5 to 4.1.1.
>     - Use the https protocol in the Vcs-Browser field.
>     - Update the URI referenced by the Vcs-Git field.
>     - Mark libexif-dev Multi-Arch: same (Closes: #786562).
>   * debian/copyright:
>     - Update the format specification URI.
>     - Remove references to libjpeg/* and configure.in (lintian).
>   * debian/patches:
>     - Add upstream patches to fix CVE-2016-6328 and CVE-2017-7544 
>       (thanks to Marcus Meissner) (Closes: #873022, #876466).
>   * debian/rules:
>     - Add 'hardening=+all' to DEB_BUILD_MAINT_OPTIONS.
>     - Exclude doxygen md5 files from installation (lintian).
>     - Remove '--with autoreconf' (now handled by debhelper level 10).
>     - Fix grammatical errors in a comment.
>   * debian/source/lintian-overrides:
>     - Override 'unused-file-paragraph-in-dep5-copyright' warnings.

This drastically exceeds what is appropriate for a NMU without the
maintainer's consent.  Sure, the package looks neglected, but if you're
taking steps to salvage it, it wouldn't be a NMU (at least without an
explanation).  And a NMU requires following the procedure.

The package is marked as team maintained, but neither do I see you among
the PhotoTools team, nor did you claim a team upload.

Thus, while your changes are welcome[1], I see confusion wrt what you're
trying to do here.  Options include:
* a traditional "hostile" NMU: targetted fixes only, posting a NMU diff is
  required prior to upload
* an authorized (ie, with maintainer's consent) NMU: everything goes
* a team upload: you'd need to talk with folks of the PhotoTools team, then
  it's no longer a NMU (mark as "Team upload", regular version number)
* a non-team salvage: doesn't look appropriate as other packages of that
  team look alive

Meow!

[1]. That lintian override is wrong, only one paragraph can apply to a file.
I haven't done any real review other than a quick glance, thus there might
be more issues.
-- 
⢀⣴⠾⠻⢶⣦⠀ We domesticated dogs 36000 years ago; together we chased
⣾⠁⢰⠒⠀⣿⡁ animals, hung out and licked or scratched our private parts.
⢿⡄⠘⠷⠚⠋⠀ Cats domesticated us 9500 years ago, and immediately we got
⠈⠳⣄⠀⠀⠀⠀ agriculture, towns then cities.     -- whitroth on /.

Reply to:

Follow-Ups:
- Bug#877610: RFS: libexif/0.6.21-2.1 [NMU]
  - From: Hugh McMaster <hugh.mcmaster@outlook.com>

References:
- Bug#877610: RFS: libexif/0.6.21-2.1 [NMU]
  - From: Hugh McMaster <hugh.mcmaster@outlook.com>

Prev by Date: Bug#876199: marked as done (RFS: usbguard/0.7.0+ds1-2)
Next by Date: Processed: tagging 864622
Previous by thread: Bug#877610: RFS: libexif/0.6.21-2.1 [NMU]
Next by thread: Bug#877610: RFS: libexif/0.6.21-2.1 [NMU]
Index(es):
- Date
- Thread