Dear mentors, I am looking for a sponsor for my package "liboauth". The upstream dev has solved the licensing issue with OpenSSL. Now, the GPL licensed files are not linked. Also, this version is a new upstream version (0.7.1) while the last one was 0.6.3.
* Package name : liboauth Version : 0.7.1-1 Upstream Author : Robin Gareus <ro...@gareus.org> * URL : http://liboauth.sourceforge.net/ * License : MIT Section : libs It builds these binary packages: liboauth-dev - C library for implementing OAuth 1.0 specification (development files) liboauth0 - C library for implementing OAuth 1.0 specification The package appears to be lintian clean. The upload would fix these bugs: 581601 The package can be found on mentors.debian.net: - URL: http://mentors.debian.net/debian/pool/main/l/liboauth - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free - dget http://mentors.debian.net/debian/pool/main/l/liboauth/liboauth_0.7.1-1.dsc I would be glad if someone uploaded this package for me. Kind regards Bilal Akhtar On Thu, 2010-05-20 at 20:34 +0800, Paul Wise wrote: > On Thu, May 20, 2010 at 1:52 PM, Bilal Akhtar <bilalakhta...@yahoo.com> wrote: > > > in Debian was the reasons why many app developers copied the source code > > into their programs. > > Way to get my attention! If any of these apps are already in Debian, > please notify the security team about the embedded code copies. Since > you got my attention, here is a review (I don't have time to commit > ongoing sponsorship, sorry): > > Please send the patches upstream if you haven't already. > > You can replace aclocal/autoheader/autoconf/automake with autoreconf. > Probably you want dh-autoreconf instead of doing it manually. What is > the reason for running autotools anyway? > > The paths in debian/patches/acandam.diff are specific to your personal > machine, that is probably a bad idea. > > debian/patches/changeencodinglocale.diff is not present in > debian/patches/series so it will not get applied, is that what you > wanted to do? > > Insert my standard comment about library package descriptions, think > about the audience for each one. -dev package will be manually > installed by people developing apps using liboauth and also as part of > build-depends. liboauth0 should only be installed automatically so it > doesn't need a verbose description. > > You forgot to build-depend on autoconf/libtool. > > debian/docs should probably be named debian/liboauth-dev.examples > > No need to be so specific with the manual page path, usr/share/man/ > should do it. > > xmalloc is GPL not LGPL so I'm wondering why upstream and > debian/copyright refer to the LGPL. > > xmalloc reduces the amount of software that can link with liboauth > (due to GPL licensing incompatibilities), it would be nice if upstream > could use plain malloc. You may want to send upstream a patch. > > Uhh, actually since you are linking xmalloc and OpenSSL (GPL & OpenSSL > licenses are not compatible), the liboath0 binary package is not > distributable! > > It is best to license debian/ under the same license as upstream so > that they can make use of your patches etc. > > Should you be depending on locales/locales-all too? > > Do you need to install the static library and .la file? Debian seems > to be moving towards not installing either of these. > > autotools warnings (send upstream): > > libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac and > libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree. > libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am. > > gcc warnings (send upstream): > > oauthbodyhash.c: In function 'main': > oauthbodyhash.c:65: warning: unused variable 'bh' > > lintian complaints (send most upstream): > > I: liboauth0: no-symbols-control-file usr/lib/liboauth.so.0.5.2 > X: liboauth0: shlib-calls-exit usr/lib/liboauth.so.0.5.2 > I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:374 > I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:376 > I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:403 > I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:405 > I: liboauth-dev: hyphen-used-as-minus-sign usr/share/man/man3/oauth.3.gz:863 > I: liboauth-dev: spelling-error-in-manpage > usr/share/man/man3/oauth.3.gz paramater parameter > I: liboauth-dev: spelling-error-in-manpage > usr/share/man/man3/oauth.3.gz recieve receive > I: liboauth0: spelling-error-in-binary ./usr/lib/liboauth.so.0.5.2 > environement environment > > uscan warning: > > p...@chianamo:~/tmp/liboauth-0.6.3$ uscan > Use of uninitialized value $2 in split at /usr/bin/uscan line 1503, > <WATCH> line 2. > > Seems that can be fixed by adding a slash to the URL. > > -- > bye, > pabs > > http://wiki.debian.org/PaulWise > >
signature.asc
Description: This is a digitally signed message part
