Hi Tobias, Thanks for taking some time for this!
On 08/09/2020 16:29, Tobias Frost wrote: > a short review: > > * New upstream release including plugin downloader. Closes: 948702 > > It is a privacy violation to download stuff. Do you inform your user about it? Not really. Do you think a patch is motivated? If so, for each and every plugin, or just for the first one? > Are the downloads somehow validated that it won't execute malicious / (MITM) > modified code? I'm fairly active upstream where these plugins are created. They all live on github, and the sources are available. The actual list of downloadable plugins (the plugin catalog) is kept under tight control upstream. > (It would be better if plugins of relevance would be packaged.) It's just not feasible. There are some 20 plugins, and just the administrative work is IMHO prohibitive. Also, the user experience is built around a workflow which does not fly using packaged plugins. > Consistency: in other changelog entries you write a #bugnumber, here only > bugnumer… > > * Add two plugin compatiblity patches (#1997). The lower numbers are upstream bugs. Sort of obvious, but only for me... Should the notation opencpn#1997 work? > Spelling error: > W: opencpn-plugins: spelling-error-in-changelog compatiblity compatibility Agreed, will fix > - d/copyright has some todos: "blushes" Will fix. > - compat-level is still at 12. Actually on purpose to make ubuntu backports somewhat easier. I could certainly upgrade if you feel that this is the correct decision. Sending this reply now so I hopefully can get some more input before doing real work. Again: thanks for reviewing! Cheers! --alec
