Bug#838870: RFS: nbsphinx/0.2.9+ds-1 [ITP] -- Jupyter Notebook Tools for Sphinx

2016-10-05 Thread Frederic Bonnard 
Thanks Benoit/Ghislain,
indeed with experimental archive it's much better :)

Benoit,
my last point would be about privacy-breach-generic lintian.
You overrided it with :
--
N: The involved links are meant to illustrate URL examples, so it is meaningless
N: to bring the involved material in a local folder.
--

I agree that bringing stuff locally (as it is advised in the lintian
description) is useless when the goal is to show the code for how to embed
content of remote images/videos URLs.
Though I still think there's a breach, as loading the documentation makes your
browser connect to the internet, load images but also javascripts and so on, 
which
is originally the reason of this lintian definition (or let me know if I'm 
wrong).
Even if you point to DFSG-free ressources, you'll have your browser that will 
still
connect outside, and that's the issue in my understanding.

I've been thinking about this and reading your discussion with Paul Wise,
I came to the following idea : why not changing after generation the html 
(sed...) :

For images :
---
-https://www.python.org/static/img/python-logo-large.png"/>
+https://www.python.org/static/img/python-logo-large.png should be displayed, 
but it got removed because of 
https://lintian.debian.org/tags/privacy-breach-generic.html.";
---

and for the embedded video :

---
 https://www.youtube.com/embed/WAikxUGbomY";
+src="about:blank"
 frameborder="0"
 allowfullscreen
+srcdoc="This video : https://www.youtube.com/embed/WAikxUGbomY should be 
displayed, but it got removed because of 
https://lintian.debian.org/tags/privacy-breach-generic.html.";
 >
---

That way, you'll keep the source code example clean, and despite the fact the 
html
is modified, the user reading the documentation will still understand the 
example, what
it should do, what is displayed and altered and why.
Ok the documentation html code is modified but the goal of the doc is to get
the idea of the use (source code) and visual result (rather than html output 
that got modified)
I also thought of playing with Content-Security-Policy in  of the 
document to block
all outside connections but, I'm not sure all browser implement this correctly.
It's also less understable for the reader to understand why things disappeared 
(except
if this "framework" have information facilities). But it would be very good to 
fix
all the privacy-breach-generic in a general manner.


F.

Bug#839831: RFS: bucklespring/1.4.0-1 -- upload new upstream version ☺

2016-10-05 Thread Dominik George 
Package: sponsorship-requests
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dear mentors,

I am looking for a sponsor for the new version of my package
"bucklespring"

 * Package name: bucklespring
   Version : 1.4.0-1
   Section : games

It builds those binary packages:

  bucklespring - Nostalgia bucklespring keyboard sound
  bucklespring-data - Nostalgia bucklespring keyboard sound - sound files

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/bucklespring

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/b/bucklespring/bucklespring_1.4.0-1.dsc

Changes since the last upload:

bucklespring (1.4.0-1) unstable; urgency=medium

  * New upstream release.
 + Add mute function.
  * Source package contains proper copyright note now.
  * Fix VCS-Git URL.
  * Drop Debian patches, upstream incorporated all of them.

 -- Dominik George   Wed, 05 Oct 2016 15:36:56 +0200

Regards,
 Dominik George

-BEGIN PGP SIGNATURE-

iQJhBAEBCABLBQJX9QxIMRpodHRwczovL3d3dy5kb21pbmlrLWdlb3JnZS5kZS9n
cGctcG9saWN5LnR4dC5hc2MSHG5pa0BuYXR1cmFsbmV0LmRlAAoJELeaPBagxPKW
OhcP/Rk4SOn3dvXROK2P871nRkS1IWuBomKE1ZVhDQ6B2BRo+aaZBl9xMGeAoN3g
MpVh/pDudeghQQaqLS/DeLg3SK+O0BAMCJOB/syrGU53WIDEz7XmSjRE2d2nuyPt
GMv32Q6fNqxR2I97MZwBpEMneG1+uq8MnqMstGrwRSt6Il5c+93HpVtOrseEsein
lCHUmlVOr5NuSrCrsnfU/8ULazafr2kQuvjYFXV+yYJnrve8jqzvqZvOECRsbEUH
gxMGW9zOnm2enrgL7oZnifbe5HVyqGISE+D+LSXOtTf9RL6fJa/yfVd/zJvRAiQa
TACCEOfiLO6R6EDD+6yd8W+HDXGjkDcEaqHpUQGcFUkaAGIhStxUgySu14KRAx6T
nRwDHY6fABViKmK2ANjX5tbOff0Ym3L1nE/tdhZNXTu5chHCgRoI1/yxuufS1GJP
ayUnmEQ+L5UHwWg85WGrJAjcrLDtFAas97sLXP+trL//X2Pa+KDjTkDIG1ms23CE
TmiIZ/g7n7oy22+k+boNJUdWYoFxIrkv2nT2vvWGUBRHKitIFoNRK4jiRqa9pWRF
xkz1gHx41CCbDk1itUZe5jTHIIc7mrjfUL8BegpMYFnUPaCwniiUd7IB0592CJTQ
C9pK2jcHqtITmT8pbuPtW9t7jv9YOup4KlNbz/acB0Hn4Rn5
=8kDJ
-END PGP SIGNATURE-

Bug#839833: RFS: gkeyring/0.4-1 [ITP]

2016-10-05 Thread Yann Soubeyrand 
Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "gkeyring"

* Package name: gkeyring
  Version : 0.4-1
  Upstream Author : Kamil Páral
* URL : https://github.com/kparal/gkeyring
* License : AGPL-3.0+
  Section : gnome

It builds those binary packages:

  gkeyring   - Tool for shell access to GNOME keyring

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/gkeyring

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/g/gkeyring/gkeyring_0.4-1.dsc

Changes since the last upload:

  * Initial release. (Closes: #711344)

Regards,

Yann Soubeyrand

Bug#839831: marked as done (RFS: bucklespring/1.4.0-1 -- upload new upstream version ☺)

2016-10-05 Thread Debian Bug Tracking System 
Your message dated Wed, 5 Oct 2016 16:53:51 +0200
with message-id <20161005145351.ga10...@angband.pl>
and subject line Re: Bug#839831: RFS: bucklespring/1.4.0-1 -- upload new 
upstream version ☺
has caused the Debian Bug report #839831,
regarding RFS: bucklespring/1.4.0-1 -- upload new upstream version ☺
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
839831: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839831
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sponsorship-requests
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dear mentors,

I am looking for a sponsor for the new version of my package
"bucklespring"

 * Package name: bucklespring
   Version : 1.4.0-1
   Section : games

It builds those binary packages:

  bucklespring - Nostalgia bucklespring keyboard sound
  bucklespring-data - Nostalgia bucklespring keyboard sound - sound files

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/bucklespring

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/b/bucklespring/bucklespring_1.4.0-1.dsc

Changes since the last upload:

bucklespring (1.4.0-1) unstable; urgency=medium

  * New upstream release.
 + Add mute function.
  * Source package contains proper copyright note now.
  * Fix VCS-Git URL.
  * Drop Debian patches, upstream incorporated all of them.

 -- Dominik George   Wed, 05 Oct 2016 15:36:56 +0200

Regards,
 Dominik George

-BEGIN PGP SIGNATURE-

iQJhBAEBCABLBQJX9QxIMRpodHRwczovL3d3dy5kb21pbmlrLWdlb3JnZS5kZS9n
cGctcG9saWN5LnR4dC5hc2MSHG5pa0BuYXR1cmFsbmV0LmRlAAoJELeaPBagxPKW
OhcP/Rk4SOn3dvXROK2P871nRkS1IWuBomKE1ZVhDQ6B2BRo+aaZBl9xMGeAoN3g
MpVh/pDudeghQQaqLS/DeLg3SK+O0BAMCJOB/syrGU53WIDEz7XmSjRE2d2nuyPt
GMv32Q6fNqxR2I97MZwBpEMneG1+uq8MnqMstGrwRSt6Il5c+93HpVtOrseEsein
lCHUmlVOr5NuSrCrsnfU/8ULazafr2kQuvjYFXV+yYJnrve8jqzvqZvOECRsbEUH
gxMGW9zOnm2enrgL7oZnifbe5HVyqGISE+D+LSXOtTf9RL6fJa/yfVd/zJvRAiQa
TACCEOfiLO6R6EDD+6yd8W+HDXGjkDcEaqHpUQGcFUkaAGIhStxUgySu14KRAx6T
nRwDHY6fABViKmK2ANjX5tbOff0Ym3L1nE/tdhZNXTu5chHCgRoI1/yxuufS1GJP
ayUnmEQ+L5UHwWg85WGrJAjcrLDtFAas97sLXP+trL//X2Pa+KDjTkDIG1ms23CE
TmiIZ/g7n7oy22+k+boNJUdWYoFxIrkv2nT2vvWGUBRHKitIFoNRK4jiRqa9pWRF
xkz1gHx41CCbDk1itUZe5jTHIIc7mrjfUL8BegpMYFnUPaCwniiUd7IB0592CJTQ
C9pK2jcHqtITmT8pbuPtW9t7jv9YOup4KlNbz/acB0Hn4Rn5
=8kDJ
-END PGP SIGNATURE-
--- End Message ---
--- Begin Message ---
On Wed, Oct 05, 2016 at 04:20:56PM +0200, Dominik George wrote:
> I am looking for a sponsor for the new version of my package
> "bucklespring"
> 
>  * Package name: bucklespring
>Version : 1.4.0-1

Uploaded with one change: sed -i s/GPL-2/GPL-2+/ debian/copyright
-- both the upstream tarball and your wordage in debian/copyright say "or
any later version".

-- 
A MAP07 (Dead Simple) raspberry tincture recipe: 0.5l 95% alcohol, 1kg
raspberries, 0.4kg sugar; put into a big jar for 1 month.  Filter out and
throw away the fruits (can dump them into a cake, etc), let the drink age
at least 3-6 months.--- End Message ---

Bug#838495: RFS: python-cartopy/0.14.2-1 [ITP]

2016-10-05 Thread Frederic Bonnard 
Hi Ghislain,

- d/copyright:
 * based on the headers, I think it's LGPL-3+ rather than LGPL-3
 * I see several binary files such images and dataset in the source :
   a) lib/cartopy/data/netcdf/HadISST1_SST_update.nc : according to
   lib/cartopy/data/netcdf/HadISST1_SST_update.README.txt, I found that
   licensing info :
   http://www.metoffice.gov.uk/hadobs/hadcruh/licence_ncgl.html which points to
   : 
http://www.nationalarchives.gov.uk/doc/non-commercial-government-licence/non-commercial-government-licence.htm
   which seems non free (Non Commercial)
   b) lib/cartopy/data/raster/sample/Miriam.A2012270.2050.2km.jpg has this
   readme : lib/cartopy/data/raster/sample/Miriam.A2012270.2050.2km.README.txt 
; I
   didn't find on http://lance-modis.eosdis.nasa.gov licensing infos.
   c) there's various png in lib/cartopy/tests/mpl/baseline_images and I was
   wondering also about the origin in spite of the global licensing.
   
   Are all those files mandatory? maybe stripping source would help? For c)
   tests/mpl/ is skipped anyway for now, right ?  I don't know for a) and b)
- d/rules:
 * informational lintian hardening-no-bindnow : you should enable hardening
   "all" (https://wiki.debian.org/Hardening/PIEByDefaultTransition
   , https://wiki.debian.org/Hardening). I noted that pie makes compilation
   fail, but adding :
   export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
   does the job.
 * pedantic image-file-in-usr-lib : the importance of this one has been lowered
   since 3.9.6.0 . I don't know if it's much work to move arch independent
   files in /usr/share.

F.

Bug#839856: RFS: arc-theme/20161005-1

2016-10-05 Thread foss.freedom 
Package: sponsorship-requests
Severity: normal [important for RC bugs, wishlist for new packages]

  Dear mentors,

  I am looking for a sponsor for my package "arc-theme"

 * Package name: arc-theme
   Version : 20161005-1
   Upstream Author : horst3180 
 * URL : https://github.com/horst3180/arc-theme
 * License : GPL-3+
   Section : misc

  It builds those binary packages:

arc-theme  - Flat theme with transparent elements

  To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/arc-theme


  Alternatively, one can download the package with dget using this command:

dget -x 
https://mentors.debian.net/debian/pool/main/a/arc-theme/arc-theme_20161005-1.dsc


  Changes since the last upload:

  * New upstream release
- Fix OSD windows in MATE 1.16
- Fix Unity window decorations with GTK+ 3.20
- Minor bugfixes
  * Packaging Changes
- update debian/upstream/metadata to remove non-recommended
  homepage field (Closes: #838988)
- update homepage url in debian/control


  Regards,
   David Mohammed

Bug#838495: RFS: python-cartopy/0.14.2-1 [ITP]

2016-10-05 Thread Ghislain Vaillant 
On Wed, 2016-10-05 at 17:29 +0200, Frederic Bonnard wrote:
> Hi Ghislain,
> 
> - d/copyright:
>  * based on the headers, I think it's LGPL-3+ rather than LGPL-3

You are correct.

>  * I see several binary files such images and dataset in the source :
>    a) lib/cartopy/data/netcdf/HadISST1_SST_update.nc : according to
>    lib/cartopy/data/netcdf/HadISST1_SST_update.README.txt, I found
> that
>    licensing info :
>    http://www.metoffice.gov.uk/hadobs/hadcruh/licence_ncgl.html which
> points to
>    : http://www.nationalarchives.gov.uk/doc/non-commercial-government
> -licence/non-commercial-government-licence.htm
>    which seems non free (Non Commercial)
>    b) lib/cartopy/data/raster/sample/Miriam.A2012270.2050.2km.jpg has
> this
>    readme :
> lib/cartopy/data/raster/sample/Miriam.A2012270.2050.2km.README.txt ;
> I
>    didn't find on http://lance-modis.eosdis.nasa.gov licensing infos.

Indeed. I have asked upstream for clarification.

https://github.com/SciTools/cartopy/issues/804

Meanwhile, these data could be safely excluded in a repack.

>    c) there's various png in lib/cartopy/tests/mpl/baseline_images
> and I was
>    wondering also about the origin in spite of the global licensing.

They come from matplotlib. I should update the copyright of these
files.
 
>    Are all those files mandatory? maybe stripping source would help?
> For c)
>    tests/mpl/ is skipped anyway for now, right ?  I don't know for a)
> and b)

These tests are not called indeed, but it is due to a bug in the
packaged version of matplotlib in Debian at the moment. This does not
constitute a valid reason for a repack, I believe.

> - d/rules:
>  * informational lintian hardening-no-bindnow : you should enable
> hardening
>    "all" (https://wiki.debian.org/Hardening/PIEByDefaultTransition
>    , https://wiki.debian.org/Hardening). I noted that pie makes
> compilation
>    fail, but adding :
>    export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
>    does the job.

Nice catch. I will apply your suggestion verbatim.

>  * pedantic image-file-in-usr-lib : the importance of this one has
> been lowered
>    since 3.9.6.0 . I don't know if it's much work to move arch
> independent
>    files in /usr/share.

It would be providing an additional binary package for little benefits
down the line. The static data aren't huge anyway. 

Many thanks for this very constructive review.

Ghis

Bug#839856: marked as done (RFS: arc-theme/20161005-1)

2016-10-05 Thread Debian Bug Tracking System 
Your message dated Wed, 5 Oct 2016 18:33:21 + (UTC)
with message-id <390598008.5388723.1475692401...@mail.yahoo.com>
and subject line Re: Bug#839856: RFS: arc-theme/20161005-1
has caused the Debian Bug report #839856,
regarding RFS: arc-theme/20161005-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
839856: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839856
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sponsorship-requests
Severity: normal [important for RC bugs, wishlist for new packages]

  Dear mentors,

  I am looking for a sponsor for my package "arc-theme"

 * Package name: arc-theme
   Version     : 20161005-1
   Upstream Author : horst3180 
 * URL : https://github.com/horst3180/arc-theme
 * License : GPL-3+
   Section : misc

  It builds those binary packages:

arc-theme  - Flat theme with transparent elements

  To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/arc-theme


  Alternatively, one can download the package with dget using this command:

dget -x 
https://mentors.debian.net/debian/pool/main/a/arc-theme/arc-theme_20161005-1.dsc


  Changes since the last upload:

  * New upstream release
- Fix OSD windows in MATE 1.16
- Fix Unity window decorations with GTK+ 3.20
- Minor bugfixes
  * Packaging Changes
- update debian/upstream/metadata to remove non-recommended
  homepage field (Closes: #838988)
- update homepage url in debian/control


  Regards,
   David Mohammed
--- End Message ---
--- Begin Message ---
Hi,

>  I am looking for a sponsor for my package "arc-theme"



done

G.--- End Message ---

Bug#839859: RFS: poppassd/1.8.5-4.1 [RC, NMU]

2016-10-05 Thread Peter Colberg 
Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for the attached NMU of poppassd that
resolves an FTBFS [1] due to an obsolete debhelper compat level.

I have contacted the maintainer of poppassd five weeks ago [2] with
a proposal addressing the numerous QA issues, including a new upstream
release that fixes an ambiguous MIT/GPL license and uses autoconf.
Unfortunately the maintainer has not replied so far. The maintainer
has not responded to the RC bug either, which was filed in March.

[1] https://bugs.debian.org/817626
[2] https://bugs.debian.org/836008

Following advice from Ricardo Mones on behalf of the Debian MIA team,
I am submitting a minimal NMU for upload to DELAYED/7 that addresses
only the RC bug. After the NMU has been accepted without a reply from
the maintainer, I will request sponsorship for poppassd/1.8.7-1 [3] to
address the QA issues (see lintian warnings).

[3] https://bugs.debian.org/836008#10

Regards,
Peter
--- a/debian/control
--- b/debian/control
@@ -2,7 +2,7 @@
 Section: mail
 Priority: optional
 Maintainer: Adam Conrad 
-Build-Depends: debhelper (>> 4.0.0), libpam-dev
+Build-Depends: debhelper (>= 9), libpam-dev
 Standards-Version: 3.6.2
 
 Package: poppassd
--- a/debian/changelog
--- b/debian/changelog
@@ -1,3 +1,10 @@
+poppassd (1.8.5-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Bump debhelper compat level to 9 (Closes: #817626)
+
+ -- Peter Colberg   Wed, 05 Oct 2016 07:55:06 -0400
+
 poppassd (1.8.5-4) unstable; urgency=low
 
   * Merge change from Ubuntu to depend on an inetd (closes: #520243)
--- a/debian/compat
--- b/debian/compat
@@ -1 +1 @@
-4
+9

Bug#839859: marked as done (RFS: poppassd/1.8.5-4.1 [RC, NMU])

2016-10-05 Thread Debian Bug Tracking System 
Your message dated Thu, 6 Oct 2016 03:20:27 +0200
with message-id <20161006012027.ga24...@angband.pl>
and subject line Re: Bug#839859: RFS: poppassd/1.8.5-4.1 [RC, NMU]
has caused the Debian Bug report #839859,
regarding RFS: poppassd/1.8.5-4.1 [RC, NMU]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
839859: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839859
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for the attached NMU of poppassd that
resolves an FTBFS [1] due to an obsolete debhelper compat level.

I have contacted the maintainer of poppassd five weeks ago [2] with
a proposal addressing the numerous QA issues, including a new upstream
release that fixes an ambiguous MIT/GPL license and uses autoconf.
Unfortunately the maintainer has not replied so far. The maintainer
has not responded to the RC bug either, which was filed in March.

[1] https://bugs.debian.org/817626
[2] https://bugs.debian.org/836008

Following advice from Ricardo Mones on behalf of the Debian MIA team,
I am submitting a minimal NMU for upload to DELAYED/7 that addresses
only the RC bug. After the NMU has been accepted without a reply from
the maintainer, I will request sponsorship for poppassd/1.8.7-1 [3] to
address the QA issues (see lintian warnings).

[3] https://bugs.debian.org/836008#10

Regards,
Peter
--- a/debian/control
--- b/debian/control
@@ -2,7 +2,7 @@
 Section: mail
 Priority: optional
 Maintainer: Adam Conrad 
-Build-Depends: debhelper (>> 4.0.0), libpam-dev
+Build-Depends: debhelper (>= 9), libpam-dev
 Standards-Version: 3.6.2
 
 Package: poppassd
--- a/debian/changelog
--- b/debian/changelog
@@ -1,3 +1,10 @@
+poppassd (1.8.5-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Bump debhelper compat level to 9 (Closes: #817626)
+
+ -- Peter Colberg   Wed, 05 Oct 2016 07:55:06 -0400
+
 poppassd (1.8.5-4) unstable; urgency=low
 
   * Merge change from Ubuntu to depend on an inetd (closes: #520243)
--- a/debian/compat
--- b/debian/compat
@@ -1 +1 @@
-4
+9
--- End Message ---
--- Begin Message ---
On Wed, Oct 05, 2016 at 03:02:58PM -0400, Peter Colberg wrote:
> I am looking for a sponsor for the attached NMU of poppassd that
> resolves an FTBFS [1] due to an obsolete debhelper compat level.
[...]
> Following advice from Ricardo Mones on behalf of the Debian MIA team,
> I am submitting a minimal NMU for upload to DELAYED/7 that addresses
> only the RC bug. After the NMU has been accepted without a reply from
> the maintainer, I will request sponsorship for poppassd/1.8.7-1 [3] to
> address the QA issues (see lintian warnings).

Sounds like a reasonable plan.

I've put your upload into DELAYED/7, let's see what happens.

Thanks for taking care for this package.


Meow!
-- 
A MAP07 (Dead Simple) raspberry tincture recipe: 0.5l 95% alcohol, 1kg
raspberries, 0.4kg sugar; put into a big jar for 1 month.  Filter out and
throw away the fruits (can dump them into a cake, etc), let the drink age
at least 3-6 months.--- End Message ---

Bug#839833: RFS: gkeyring/0.4-1 [ITP]

2016-10-05 Thread Paul Wise 
Control: owner -1 !
Control: tags -1 + moreinfo

On Wed, Oct 5, 2016 at 10:46 PM, Yann Soubeyrand wrote:

>   dget -x 
> https://mentors.debian.net/debian/pool/main/g/gkeyring/gkeyring_0.4-1.dsc

I intend to sponsor this.

These issues block the upload of this package:

Neither the upstream tarball nor debian/ contain a copy of the AGPLv3.
I see upstream has one in their repository, so they just need to tag a
new release and you need to update to it, or you could package the
commit that adds it. The debian/copyright file should also contain a
full copy of the AGPLv3.

These issues would be nice to fix:

The watch file is broken (see below).

I think you probably only need python rather than python-all?

The Vcs-Browser field points at the upstream repository instead of the
Debian one, please remove it or replace it.

The Vcs-Git field should be present when Vcs-Browser is pointing at a
git repository browser.

The Homepage field should point at github because of this on the launchpad page:

The project is now hosted here:
https://github.com/kparal/gkeyring
This Launchpad site is used for its Answers discussion forum only.

Remove the word Python from the description, the implementation
language isn't relevant to end users.

This command will make diffs of debian/ easier to read:

wrap-and-sort --short-indent --wrap-always --sort-binary-packages
--trailing-comma

The debian/ directory is usually licensed under the same license as upstream.

Please add some upstream metadata:

https://wiki.debian.org/UpstreamMetadata

Please get the manual page included upstream, or get documentation
included in gkeyring.py and have the manual page generated from it
using sphinx and sphinxcontrib-autoprogram/sphinx-argparse.

Please ask upstream about switching to or supporting Python 3 and then
switching to it in Debian.

Upstream is using an image for flattr, I'd suggest they drop it and
only use the existing link, otherwise HTML versions of the README.rst
will violate the privacy of people who load those HTML files. github
is mitigating that by serving all external images from github.com but
it could still occur if someone were to render the document to HTML.

Upstream may want to use signed commits tags and releases:

https://mikegerwitz.com/papers/git-horror-story
https://wiki.debian.org/Creating%20signed%20GitHub%20releases
https://wiki.debian.org/debian/watch#Cryptographic_signature_verification

Upstream may want to read our guide for upstreams:

https://wiki.debian.org/UpstreamGuide

Once the package reaches Debian, add debtags and screenshots:

https://debtags.debian.org/
https://screenshots.debian.net/

Automated checks:

lintian:

P: gkeyring source: debian-watch-may-check-gpg-signature

check-all-the-things:

$ env PERL5OPT=-m-lib=. cme check dpkg
...
Warning in 'control source Build-Depends:0' value 'debhelper (>= 9~)':
should be (>= 9) not (>= 9~) because compat is 9
...
you can try 'cme fix dpkg' to fix the warnings shown above

# check if these can be switched to https://
$ grep -rF http: .
./gkeyring.py:# http://www.gnu.org/licenses/agpl-3.0.html
./gkeyring.py:#
http://blogs.codecommunity.org/mindbending/bending-gnome-keyring-with-python-part-2/
./README.rst:You can install this tool from `PyPI
`_ (using `pip
`_, `setuptools
`_ or `distutils
`_)::
./README.rst:This program is a free software, licensed under `GNU AGPL
3+ `_.
./README.rst:.. image:: http://api.flattr.com/button/flattr-badge-large.png
./debian/copyright: along with this program. If not, see
.
./debian/copyright: along with this program. If not, see
.

# Note the missing / at the end of the URL
$ env PERL5OPT=-m-lib=. license-reconcile
FormatSpec: Cannot recognize format: Format:
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0 at
/usr/share/perl5/Debian/LicenseReconcile/App.pm line 222,  line
3.

# This command checks style. While a consistent style
# is a good idea, people who have different style
# preferences will want to ignore some of the output.
# Do not bother adding non-upstreamable patches for this.
$ find -type f -iname '*.py' -exec pep8 --ignore W191 {} +


$ find -type f -iname '*.py' -exec pyflakes {} +
./gkeyring.py:158: 'gtk' imported but unused

$ find -type f -iname '*.py' -exec pyflakes3 {} +
./gkeyring.py:189:26: invalid syntax
except ValueError, e:

$ find -type f -iname '*.py' -exec pylint --rcfile=/dev/null
--msg-template='{path}:{line}:{column}: [{category}:{symbol}] {obj}:
{msg}' --reports=n {} +


$ env PERL5OPT=-m-lib=. uscan --report-status --no-verbose
uscan warn: In watchfile debian/watch, reading webpage
  https://github.com/kparal/gkeyring/archive/ failed: 404 Not Found

-- 
bye,
pabs

https://wiki.debian.org/PaulWi