control: tag -1 -moreinfo Hello,
On Wed, Jul 20, 2016 at 02:40:57PM +0800, Paul Wise wrote: > On Wed, Jul 20, 2016 at 7:25 AM, Sean Whitton wrote: > > > I am looking for a sponsor for my package self-destructing-cookies. > > I am willing to sponsor this. Thank you for your feedback :) > > With this addon installed, Firefox will delete cookies and > > LocalStorage when there are no longer any open tabs using those > > cookies or LocalStorage entries. Sites whose cookies or > > LocalStorage you want to keep may be whitelisted. > > Nice. If you are in contact with upstream, it might be interesting to > have the cookies/LocalStorage also restricted to individual tabs or > windows. I wouldn't want to use this myself. What I like about this addon is that it is really close to the default cookie/local storage setup that sites (validly) assume 99% of people are using. I often keep a tab open in the background that keeps me logged into a site, do what I need to do with that logged in status, and then close the background tab. Of course, other people might prefer doing things in the way you suggest, but it seems like the problem is a hard one.[2] Anyway, I've forwarded your suggestion to upstream. > mozilla-devscripts 0.47 needs to be in unstable (currently just in > buildd-unstable). It's in unstable now, but could you explain why this was something we had to wait on? I thought that DAK would do the right thing if we went ahead and uploaded. > Please use Ove's full name in debian/copyright, same as in the > upstream code. Fixed. > There is one file that looks like it might be MPL not GPL-2+ Fixed, whoops. > What is JPM? I don't see it used in the build log but the upstream > changelog says it is used during build. Does this mean that you > haven't packaged the actual upstream source, just their generated XPI > file? According to [1], JPM is a simple command-line tool to make developing addons easier. It doesn't perform any building other than packing the source into an .xpi, for which we have dh_xul-ext. I confirmed with upstream that there is no source code repository other than the contents of the .xpi file that I obtained from addons.mozilla.org. There is no build process that converts some other source code into the contents of the .xpi file. So in summary the changelog entry probably shouldn't be there; it's like saying "the author of this python library now uses pylint during development" in a changelog.[3] > Some PNG files might be missing their SVG source, please clarify with > upstream and see the automatic checks section below. Upstream sent me a copy, and I've included it in debian/missing-sources/. They will include all .svg files in the next release. > package.json says the license is GPL 2 not GPL-2+. Patched and forwarded. > I don't think you need both formats of the upstream changelog in the > binary package. I would prefer to install both of them. I can imagine a user browsing to the directory in a graphical file manager and wanting to open the HTML file, and a user of a different temperament using a terminal pager. > Please add some upstream metadata: > https://wiki.debian.org/UpstreamMetadata Done, and I filed a wishlist bug against Lintian to have it suggest adding upstream metadata. > It would be nice if uscan/mk-origtargz would build its repacked > tarballs in a bit-identical/reproducible way. Could you file a bug > about that please? Somebody already has: #807270. > What is the format of the data that amo-changelog downloads? I think > it would be better to download and store that, then do the conversion > to rst/html at package build time. It downloads it as RSS (XML), and then converts this. amo-changelog does not expose its conversion functions, so rather than come up with an ad hoc solution for this package, I've filed #833008. > P: self-destructing-cookies source: debian-watch-may-check-gpg-signature Overridden. Suggested to upstream. > $ codespell --quiet-level=3 ./lib/gui-australis.js:315: indentifier > ==> identifier ./lib/gui-android.js:169: indentifier ==> identifier > ./lib/gui-desktop.js:317: indentifier ==> identifier This is in a code comment, so I'm not going to prepare a patch. > ./debian/upstream/changelog.html:6: compatiblity ==> compatibility > ./debian/upstream/changelog:4: compatiblity ==> compatibility I don't want to patch these files since the fixes will get overwritten by amo-changelog, but I have informed upstream of the error. > $ find \( -name .git -o -name .svn -o -name .bzr -o -name CVS -o -name > .hg -o -name _darcs -o -name _FOSSIL_ -o -name .sgdrawer \) -prune -o > -empty -print > ./doc/main.md I believe that upstream has this empty file to satisfy Mozilla packaging conventions. My package does not install it. > $ fdupes -q -r . | grep -vE > '/(\.(git|svn|bzr|hg|sgdrawer)|_(darcs|FOSSIL_)|CVS)(/|$)' | cat -s > ./icon.png ./data/sdc64.png Now using dh_link. > # check if these can be switched to https:// > $ grep -rF http: . > Binary file ./META-INF/mozilla.rsa matches > ./lib/src-smarttab.js: this.tracker.decRefs(URL("http://"; + > active[d]), STYLE_TOP); > ./lib/src-smarttab.js: this.tracker.incRefs(URL("http://"; + > active[d]), STYLE_TOP); > ./lib/src-smarttab.js: this.tracker.decRefs(URL("http://"; + > expired[d]), STYLE_TOP); > ./lib/main.js: var uri = ioService.newURI("http://"; + > (domain.startsWith(".") ? domain.substr(1) : domain), null, null); > ./lib/main.js: var uri = ioService.newURI("http://"+domain, null, null); > ./lib/main.js: var uri = ioService.newURI("http://"+domain, null, null); > ./install.rdf:<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"; > xmlns:em="http://www.mozilla.org/2004/em-rdf#";> > ./bootstrap.js: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ > ./debian/copyright: along with this program. If not, see > <http://www.gnu.org/licenses/>. Switched to https in the Debian copyright file. Rather than break anything in the actual codebase, I've forwarded the list to upstream and suggested they look into changing it. > $ uscan --download-current-version --destdir . > uscan: Newest version of self-destructing-cookies on remote site is > 0.4.10, specified download version is 0.4.10 > uscan warn: Possible OpenPGP signature found at: > > https://addons.mozilla.org/firefox/downloads/file/423258/self_destructing_cookies-0.4.10-an+fx.xpi?src=version-history.asc. > Please consider adding opts=pgpsigurlmangle=s/$/.asc/ > to debian/watch. see uscan(1) for more details. False positive. The .asc is in the query string and this URI is a link to the .xpi file. Filed #833012. Package updated on mentors and in my git repository. [1] https://developer.mozilla.org/en-US/Add-ons/SDK/Tutorials/Getting_Started_%28jpm%29 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=117222#c286 [3] Excluding the case where pylint got added to a Makefile, or something. -- Sean Whitton
signature.asc
Description: PGP signature
