Hi Paul, On Wed, 23 Sep 2015 at 18:03:41 +0200, Paul Wise wrote: > The source package should not be a native source package as netmask > isn't Debian specific.
It has however (to my surprise as well) been a native package since its integration to Debian in 1999. Just made it non-native as you suggested, though. > Are buildflags.mk and override_dh_auto_build nessecary? Usually they > aren't for autoconf. Yes, upstream has a weird way to manage the CFLAGS/CPPFLAGS/LDFLAGS. The only way I could override the variables to add the hardening options was to pass them to ‘make’. > Is debian/info nessecary? Usually the upstream build system is > responsible for installing info documents. No indeed it's not, thanks. > The upstream NEWS file doesn't look very useful, I would suggest > asking upstream to rename the ChangeLog to NEWS (or just not > installing NEWS). > > The upstream README file has an incorrect version number and claim > about initial public release in it, you might want to suggest upstream > to remove the version number from it. Will do. Not a reason for rejection though :-P > Is debian/dirs nessecary? Usually the upstream build system and > debhelper automatically create those two dirs. No indeed it's not, thanks. > I would suggest adding a Homepage field pointing at the github page to > debian/control. > > I would suggest adding a debian/watch file and a debian/upstream/metadata > file. > > https://wiki.debian.org/debian/watch > https://wiki.debian.org/UpstreamMetadata Done for the homepage and upstream/metadata. Thanks for the tips. (Unfortunately upstream currently doesn't tag their release nor provide tarballs, so the watchfile is useless right now since I don't know how to mangle the versions, right?) > I would suggest that upstream tag their releases and upload their > tarballs to github using the releases feature. > > https://github.com/talby-/netmask/releases Yeah, that would be great. I asked about that already ;-) > I would suggest that upstream should remove from git all the files > generated or copied in by autotools. > > Yourself and upstream might want to OpenPGP-sign git commits, git tags > and release tarballs: > > http://mikegerwitz.com/papers/git-horror-story > https://help.riseup.net/en/security/message-security/openpgp/best-practices I have done that right after my ITA :-) Didn't get a reply yet, though. > This line in the upstream configure.in looks weird, usually -O only > goes up to 3: > > : ${CFLAGS='-Wall -g -O6'} Will tell upstream about that. > aclocal: warning: autoconf input should be named 'configure.ac', not > 'configure.in' > automake: warning: autoconf input should be named 'configure.ac', not > 'configure.in' > configure.in:3: warning: AM_INIT_AUTOMAKE: two- and three-arguments > forms are deprecated. For more info, see: > configure.in:3: > http://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_005fINIT_005fAUTOMAKE-invocation > automake: warning: autoconf input should be named 'configure.ac', not > 'configure.in' > > lintian: > > X: netmask source: deprecated-configure-filename Yeah, the build system is from 1999 and hasn't been much upgraded since :-/ Surely upstream noticed the warning already, but I'll point it out anyway. However IMHO it's not a reason for rejection either :-P > $ duck > E: debian/control: Vcs-Git: https://git.guilhem.org/netmask: ERROR > (Certainty:certain) > fatal: unable to access 'https://git.guilhem.org/netmask/': server > certificate verification failed. CAfile: > /etc/ssl/certs/ca-certificates.crt CRLfile: none I serve git over (smart) HTTP. And well, the CA is valid, it just happen not to be in your CA store :-P > $ fdupes -q -r . > ./testdata.14 > ./testdata.15 > > ./testdata.19 > ./testdata.23 > > ./version.texi > ./stamp-vti > > $ licensecheck --check=. --recursive --copyright . | grep -i incorrect > ./errors.h: GPL (v2 or later) (with incorrect FSF address) > ./main.c: GPL (v2 or later) (with incorrect FSF address) > ./missing: GPL (v2 or later) (with incorrect FSF address) > ./mdate-sh: GPL (v2 or later) (with incorrect FSF address) > ./errors.c: GPL (v2 or later) (with incorrect FSF address) > ./texinfo.tex: GPL (v2 or later) (with incorrect FSF address) > ./netmask.c: GPL (v2 or later) (with incorrect FSF address) > > $ licensecheck --check=. --recursive --copyright . | grep -F 'GENERATED FILE' > ./configure: GENERATED FILE > ./Makefile.in: GENERATED FILE Again I intend to be the maintainer, not upstream :-P (And the package has been around in its current state for 16 years.) I'll forward your remarks upstream though. In the meantime I have uploaded a new version: dget -x http://mentors.debian.net/debian/pool/main/n/netmask/netmask_2.4.0-1.dsc Thanks for the feedback, cheers, -- Guilhem.
signature.asc
Description: PGP signature
