On Sun, Jun 12, 2011 at 09:00, Alexander Shulgin <[email protected]> wrote:
> On Fri, Jun 10, 2011 at 18:55, Karl Berry <[email protected]> wrote:
>> Hello savannah folk (and anyone else reading this :),
>>
>> We greatly need more people to help with the incoming savannah support
>> requests and new project submissions.  Even if it's just handling a
>> couple of requests on the weekend, it would make a big difference to
>> have more people contributing.
>>
>> Any chance of (re)finding time for this?
>
> Hm... I think I could try jumping back.  Will get in touch soon.

So I've spent a few hours today putting up a helper script to aid in
analyzing new project submissions.

It's pretty dumb in general, but rather sophisticated in details (e.g.
when it comes to analyzing tarballs).  What it currently does is
simply extract a tarball given on the command line (while avoiding
falling into a tarbomb trap), then run a simple `find | xargs file
--mime-type` to gather a summary of file types found in the archive.
This summary is meant to serve as a good starting point for the
following manual analysis of common packaging/licensing problems.

A sample session is like the following:

$ ./savannah-analyze screenwriter.tar.gz
Analyzing: screenwriter.tar.gz...
It's a tarbomb!  Cutting some wires...
Creating target directory: screenwriter...
Extracting to: screenwriter...
Gathering file type information...
File type summary:
     18 text/x-shellscript
     11 text/plain
      6 application/x-gzip
      3 application/octet-stream
      2 text/x-lisp
Detailed file types list saved to: screenwriter-filetypes


This is only a starting point.  A few features I envision would be nice to have:

1. Fetching the tarball straight from the URL.
2. Checking COPYING file against standard versions of GPLv2,3, etc.
3. Checking for GPL comment headers.
4. Checking for packaging cruft like SCM metadata directories (.svn, .git, etc.)
5. Checking for common packaging pitfalls: missing COPYING or LICENSE, etc.
6. You name it! :)

I'm now attaching the script here, but maybe there is something like a
github account for savannah hackers?..

Thoughts?

--
Cheers,
Alex

Attachment: savannah-analyze
Description: Binary data
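
The tarbomb handling described in the message above, as an added example; this is not the attached savannah-analyze script, and the function names (`classify`, `extract`, `make_sample`, `archive_stem`) are hypothetical. It goes slightly beyond the message by also refusing members whose paths would escape the target directory (absolute paths or `..`), and it leaves out the file type summary step.

```python
import io
import os
import tarfile
from pathlib import PurePosixPath

SUFFIXES = (".tar.gz", ".tgz", ".tar.bz2", ".tar.xz", ".tar")


def archive_stem(path):
    """'screenwriter.tar.gz' -> 'screenwriter', the directory made for a tarbomb."""
    name = os.path.basename(path)
    return next((name[:-len(s)] for s in SUFFIXES if name.endswith(s)), name + ".d")


def classify(tar):
    """Return (is_tarbomb, unsafe_names) for an open TarFile."""
    tops, unsafe, root_files = set(), [], False
    for m in tar.getmembers():
        parts = PurePosixPath(m.name).parts  # a leading './' is normalised away
        if m.name.startswith("/") or ".." in parts:
            unsafe.append(m.name)  # would be written outside the target
        elif parts:
            tops.add(parts[0])
            root_files |= len(parts) == 1 and not m.isdir()
    # Well-behaved archives keep everything under exactly one top-level directory.
    return len(tops) != 1 or root_files, unsafe


def extract(archive_path, dest):
    """Extract under dest, giving a tarbomb its own directory; return the target."""
    with tarfile.open(archive_path) as tar:
        bomb, unsafe = classify(tar)
        if unsafe:
            raise ValueError(f"members escape the target directory: {unsafe}")
        target = os.path.join(dest, archive_stem(archive_path)) if bomb else dest
        os.makedirs(target, exist_ok=True)
        # Where available, the stdlib 'data' filter also rejects unsafe links.
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(target, **extra)
    return target


def make_sample(path, names):
    """Write a constructed .tar.gz containing one small file per name."""
    with tarfile.open(path, "w:gz") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(b"sample\n")
            tar.addfile(info, io.BytesIO(b"sample\n"))
```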
