On Fri, Dec 9, 2011 at 1:30 AM, Christian Welzel wrote:

> currently i try to get my typo3 packages into shape, so the
> new version gets accepted by ftp-masters.

Here is a review of the package you uploaded to mentors.d.n recently:

Why does the source and one binary package name include a version number?

This sentence in one of the README.Debian files doesn't make sense to me: "For more details to typo3-dummy look there."

You may want to run wrap-and-sort -s.

The Homepage field belongs in the source section of debian/control, not duplicated in all the binary sections.

ttf-dejavu has been split up into ttf-dejavu-core and ttf-dejavu-extra, do you need them both? If not, please update the dependency.

The Vcs-Browser URL is 404.

Please add a Vcs-Svn field.

The blank lines and comments in debian/watch are not needed, remove them.

Please add comments to your lintian overrides file indicating why you are overriding each tag.

debian/compat is quite old, I would suggest using debhelper compat 7 or later.

I wonder if adding a localconf.d directory and dropping a file in there is a better way of providing Debian-specific configs.

Please work on getting your patches upstreamed.

I'm not sure that 01-fontsreadme.patch is appropriate.

03-dummy-addindexpages.patch looks misguided, shouldn't your configuration examples and/or generator simply turn off apache directory listing? I suppose it is useful as a last resort though. I don't think it is a good idea to redirect to / though, the site might be installed at a different path in the domain name than /. I would instead suggest to put a message saying directory listing is not available.

I am horrified that PHP exec() appears to take only a string instead of an array. I suggest you run away screaming. This comment brought to you by 06-fix-im-command.patch. After a bit more reading I found pcntl_exec, which seems to do the right thing. Please convince your upstream to switch to pcntl_exec and friends.

debian/typo3-src-4.6.examples can be deleted or the contents uncommented.

Have you looked at wwwconfig-common?

The package unilaterally takes over /cms on any non-typo3 domains also hosted by the machine. This is bad if some user is using another CMS at that URL.

Having a default password is a bad idea.

There are quite a lot of duplicated files in the source package, you might like to inform upstream about that.

rats finds a lot of potential vulnerabilities.

There are a metric buttload of embedded code copies still:

typo3/contrib/codemirror http://codemirror.net/
typo3/contrib/extjs libjs-extjs
typo3/contrib/flashmedia/swfobject http://code.google.com/p/swfobject/
typo3/contrib/flashmedia/qtobject http://blog.deconcept.com/2005/01/26/web-standards-compliant-javascript-quicktime-detect-and-embed/
typo3/contrib/idna http://idnaconv.phlymail.de
typo3/contrib/flashmedia/src/player/emff.as http://emff.sourceforge.net/
typo3/contrib/modernizr http://www.modernizr.com
typo3/contrib/pear/* various projects
typo3/contrib/swfupload http://swfupload.googlecode.com
typo3/contrib/websvg http://code.google.com/p/svgweb/
various parts of typo3/sysext

Sourceless files:

typo3/contrib/flashmedia/swfobject/swfobject.js
typo3/contrib/modernizr/modernizr.min.js
typo3/contrib/websvg/svg.js

At this point I stopped reviewing the package because of all the embedded code copies.

--
bye,
pabs

http://wiki.debian.org/PaulWise
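
The exec() point raised in the review, as an added example that is not part of the original message or of TYPO3's code: exec() hands a single string to the shell, so each argument must be quoted, while an argument array bypasses the shell entirely. The function names, the constructed file name, and the use of printf as a stand-in for the external program are assumptions for illustration; the array form uses proc_open(), which accepts an array command from PHP 7.4 on.

```php
<?php
declare(strict_types=1);

// Constructed sample input: a file name as a web form might supply it.
// Everything after ';' is shell syntax, not part of a real file name.
$file = 'photo.png; echo INJECTED';

// exec() hands one string to /bin/sh -c. Unquoted, the shell splits the
// string at ';' and runs a second command. printf stands in for whatever
// external program the application calls.
function run_unquoted(string $file): array
{
    exec('printf "%s\n" ' . $file, $out);
    return $out;
}

// Same call with the argument quoted: the shell sees one word.
function run_quoted(string $file): array
{
    exec('printf "%s\n" ' . escapeshellarg($file), $out);
    return $out;
}

// Array form (PHP >= 7.4): no shell is started, each element becomes one
// argv entry, so there is nothing to quote and nothing to forget.
function run_argv(string $file): array
{
    $proc = proc_open(['printf', '%s\n', $file], [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    $text = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return explode("\n", rtrim($text, "\n"));
}

// Compare the three: only the unquoted string form lets the shell act on ';'.
echo json_encode(run_unquoted($file)), "\n";
echo json_encode(run_quoted($file)), "\n";
echo json_encode(run_argv($file)), "\n";
```

pcntl_exec() takes the same kind of argument array but replaces the calling PHP process, so it is normally paired with pcntl_fork() and is only available where the pcntl extension is loaded.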

