Thanks for the comments. I will try to address all your points, and fix them!!!
On Sun, Dec 12, 2010 at 17:58, Paul Wise <[email protected]> wrote: > 2010/12/9 Daniel Lombraña González <[email protected]>: > >> I am looking for a sponsor for my package "jarifa". > > A review of the source package: > > Your upstream version should be 1.0~rc8 since that sorts before 1.0 > and rc usually means release candidate. > > debian/patches/debian-changes-1.0-rc8-1 looks like it can be removed > or applied upstream. > > Please add a debian/watch file (see uscan manual page for details). > > You might want to wrap the Depends line in debian/control since it is > very long. I like to split the line after every comma. > > Can jarifa not connect to a MySQL server over the network? If so you > might want to demote mysql-server to recommends. > > README.source looks like it belongs in the upstream README since it is > not Debian specific. > > You add a symlink to ttf-dejavu fonts but do not depend on it. At the > very least I would say you need a Recommend. > > Please switch jarifa to a randomly generated password instead of a > static easily guessable one when the user does not set a password. > > www-data is defined in base-passwd so I think you can set permissions > on /usr/share/jarifa/img/stats at build time instead of in > postinstall. > > Why does your prerm remove files from /usr? I think maybe your > software should use /var/lib/jarifa instead for runtime-created data. > > I would replace your debian/rules file with > /usr/share/doc/debhelper/examples/rules.tiny and add "conf/jarifa.sql > usr/share/dbconfig-common/data/jarifa/install/mysql" to > debian/jarifa.install. > > libchart-1.2 is an embedded code copy (with its own embedded font > copy), please remove it from the tarball and package it separately. > db_conn.inc is similar, but I'm wondering why I don't see that in the > boinc package in Debian. > > These files look like they were created in Inkscape/GIMP but I don't > see any SVG/XCF source for them: computer.png cpus.png credit.png > supplier.png volunteer.png. > > I wonder what the license/source for vcss.png is, since it looks like > an image from the W3C. Same for agplv3.png since it is an FSF image. > > Why is there a lang/es_ES.utf8/LC_MESSAGES/messages.mo but no > lang/es_ES.utf8/LC_MESSAGES/messages.po? > > Have you had the PHP code audited for vulnerabilities or run any > automated exploit finding tools against jarifa? Examples of such tools > available in Debian include w3af wapiti sqlmap rats. owasp.org is a > good place to go to learn about web application security. > > Your jarifa.apache.conf forces jarifa to be available at /jarifa on > all apache vhosts. As a sysadmin I would expect to be either asked > what vhost, URL path to configure jarifa at or expect me to configure > it manually based on an example config. > > lintian complaints: > > I: jarifa source: no-complete-debconf-translation > I: jarifa source: debian-watch-file-is-missing > > -- > bye, > pabs > > http://wiki.debian.org/PaulWise > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact [email protected] > Archive: > http://lists.debian.org/[email protected] > > -- ·························································································································································· http://jarifa.unex.es/ http://www.flickr.com/photos/teleyinex ·························································································································································· Por favor, NO utilice formatos de archivo propietarios para el intercambio de documentos, como DOC y XLS, sino HTML, RTF, TXT, CSV o cualquier otro que no obligue a utilizar un programa de un fabricante concreto para tratar la información contenida en él. ··························································································································································
