2010/12/9 Daniel Lombraña González <[email protected]>: > I am looking for a sponsor for my package "jarifa".
A review of the source package: Your upstream version should be 1.0~rc8 since that sorts before 1.0 and rc usually means release candidate. debian/patches/debian-changes-1.0-rc8-1 looks like it can be removed or applied upstream. Please add a debian/watch file (see uscan manual page for details). You might want to wrap the Depends line in debian/control since it is very long. I like to split the line after every comma. Can jarifa not connect to a MySQL server over the network? If so you might want to demote mysql-server to recommends. README.source looks like it belongs in the upstream README since it is not Debian specific. You add a symlink to ttf-dejavu fonts but do not depend on it. At the very least I would say you need a Recommend. Please switch jarifa to a randomly generated password instead of a static easily guessable one when the user does not set a password. www-data is defined in base-passwd so I think you can set permissions on /usr/share/jarifa/img/stats at build time instead of in postinstall. Why does your prerm remove files from /usr? I think maybe your software should use /var/lib/jarifa instead for runtime-created data. I would replace your debian/rules file with /usr/share/doc/debhelper/examples/rules.tiny and add "conf/jarifa.sql usr/share/dbconfig-common/data/jarifa/install/mysql" to debian/jarifa.install. libchart-1.2 is an embedded code copy (with its own embedded font copy), please remove it from the tarball and package it separately. db_conn.inc is similar, but I'm wondering why I don't see that in the boinc package in Debian. These files look like they were created in Inkscape/GIMP but I don't see any SVG/XCF source for them: computer.png cpus.png credit.png supplier.png volunteer.png. I wonder what the license/source for vcss.png is, since it looks like an image from the W3C. Same for agplv3.png since it is an FSF image. Why is there a lang/es_ES.utf8/LC_MESSAGES/messages.mo but no lang/es_ES.utf8/LC_MESSAGES/messages.po? Have you had the PHP code audited for vulnerabilities or run any automated exploit finding tools against jarifa? Examples of such tools available in Debian include w3af wapiti sqlmap rats. owasp.org is a good place to go to learn about web application security. Your jarifa.apache.conf forces jarifa to be available at /jarifa on all apache vhosts. As a sysadmin I would expect to be either asked what vhost, URL path to configure jarifa at or expect me to configure it manually based on an example config. lintian complaints: I: jarifa source: no-complete-debconf-translation I: jarifa source: debian-watch-file-is-missing -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
