Hi Jörg, Please don't forget to cc your RFS bug (#744045).
On Sun, Apr 13, 2014 at 7:31 AM, Jörg Frings-Fürst <[email protected]> wrote: > Hallo, > > Am Samstag, den 12.04.2014, 01:12 -0700 schrieb Vincent Cheng: >> Control: tag -1 + moreinfo >> >> On Wed, Apr 9, 2014 at 7:17 AM, Jörg Frings-Fürst >> <[email protected]> wrote: >> > Package: sponsorship-requests >> > Severity: normal [important for RC bugs, wishlist for new packages] >> > > [...] >> >> Please use upstream's tarball (assuming that [1] is the correct >> source, please use the ones that don't have dependencies bundled >> inside) directly as your orig tarball, and apply the contents of >> "bug604256.tar.gz" and any other diffs as quilt patches, unless >> there's a good reason for the current tarball-in-a-tarball approach >> (if there is, please explain). Also remove your debian packaging from >> the source tarball. >> > > Changes since the last upload: > > * rename version from the orig-tarball > * replace old tarball-in-tarball with the the orig-tarball > * remove > - patches included in tarball > - debian/README.source > * add hardenning-wrapper to Build-Depends > * rewrite debian/rules > * rename debian/patches/xsd_xsdcxx-rename.patch to > 0001-xsd_xsdcxx-rename.patch > * add file xsdcxx.lintian-overrides > - duplicate-files > - debian-watch-may-check-gpg-signature > - no-upstream-changelog > * change debian/compat to 9 > Here's a laundry list of things that can be improved in your packaging: - debian/copyright should contain per-file license information (if this was a NEW package, it would get rejected by ftpmasters for failing this), e.g. not all files are under GPLv2; some are public domain, like xsd/examples/cxx/parser/hello/driver.cxx). I suggest using DEP-5 [1] to ease the task of documenting this, but free-form debian/copyright is still ok as long as everything is documented. You can also take advantage of licensecheck (from the devscripts package), but you'll still have to manually check the source. - collapse your debian/changelog entries into a single entry; I'd suggest versioning your current package as 3.3.0.2-1, leaving the "+dep" out - your watch file is broken: $ uscan --report-status Processing watchfile line for package xsd... Newest version on remote site is 3.3.0-2+, local version is 3.3.0.2+dep xsd: remote site does not even have current version - remove Vcs-Arch from debian/control (see Policy 5.6.26 [2] for what it's actually supposed to be used for) - (pedantic) removing the unnecessary quilt build-dep and running wrap-and-sort to have the build-deps listed in alphabetical order would be nice - (pedantic) I'd suggest not overriding lintian tags that are actually valid (no-upstream-changelog, debian-watch-may-check-gpg-signature); you can safely just ignore those tags instead - (pedantic) debian/rules: compress (gzip) your installed manpage and changelog (or use dh_install{man,docs} which would do that for you, instead of a single override_dh_auto_install target) Also, is there a timeline on when you plan on tackling the issues in debian/TODO (i.e. are you waiting for some changes to be made upstream, or is it just lack of time that's hindering you for now, etc.)? Regards, Vincent [1] https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ [2] https://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-VCS-fields -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/CACZd_tBUJVkQR9UVAezCc2oaS320HrnpXAx-Xk=jdu+j-t9...@mail.gmail.com
