Bug#660519: Re[2]: Bug#660519: RFS: manaplus/1.2.2.19
Tue, 13 Mar 2012 13:28:21 +0800 от Paul Wise p...@debian.org: On Tue, Mar 6, 2012 at 8:43 AM, andrei karas wrote: ... I removed most duplicates. Some left because this files accessed by physfs and in physfs soft links not allowed. I allow it only for fonts enumeration. I see, please file a bug on physfs upstream about this issue. DIsabled soft links i think is security feature from physfs. Possible allow soft links, but i dont want do this without big reason. ... Some dont fixed other is by design in internal commands/events. Ah, OK. If you want to add an explanation for that you can override the lintian warning and add a comment in the override file. It's only information message i prefer not add overrides to it. Here is an updated review: In the registration process there is an option for Male or Female. I would suggest removing that or adding an Other category since both gender and biological sex have more options than that. Often people who do not fit into either of these categories will be very offended to have to label themselves as Male or Female. I can't remove this because it required by server. But i add Other gender in next version. New value can work only in Evol Online server after next server update. The initial download when logging into a server is quite big, is that a per-server thing like with web browsers or can it be added to Debian? Yes, it's per server. Images, maps, tilesets, etc. Possible in future i can package this files. Manaplus will use this files and missing or new updates from server. The first line in debian/copright should point at this URL instead now: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Fixed You might want to switch to debhelper compat 9 so that manaplus gets built with security hardening compiler flags. This is especially important since manaplus is a network client. Thanks, switched. link here: http://mentors.debian.net/debian/pool/main/m/manaplus/manaplus_1.2.3.4-1.dsc
Bug#660519: Re[2]: Bug#660519: RFS: manaplus/1.2.2.19
Tue, 13 Mar 2012 13:28:21 +0800 от Paul Wise p...@debian.org: On Tue, Mar 6, 2012 at 8:43 AM, andrei karas wrote: ... I removed most duplicates. Some left because this files accessed by physfs and in physfs soft links not allowed. I allow it only for fonts enumeration. I see, please file a bug on physfs upstream about this issue. DIsabled soft links i think is security feature from physfs. Possible allow soft links, but i dont want do this without big reason. ... Some dont fixed other is by design in internal commands/events. Ah, OK. If you want to add an explanation for that you can override the lintian warning and add a comment in the override file. It's only information message i prefer not add overrides to it. Here is an updated review: In the registration process there is an option for Male or Female. I would suggest removing that or adding an Other category since both gender and biological sex have more options than that. Often people who do not fit into either of these categories will be very offended to have to label themselves as Male or Female. I can't remove this because it required by server. But i add Other gender in next version. New value can work only in Evol Online server after next server update. The initial download when logging into a server is quite big, is that a per-server thing like with web browsers or can it be added to Debian? Yes, it's per server. Images, maps, tilesets, etc. Possible in future i can package this files. Manaplus will use this files and missing or new updates from server. The first line in debian/copright should point at this URL instead now: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Fixed You might want to switch to debhelper compat 9 so that manaplus gets built with security hardening compiler flags. This is especially important since manaplus is a network client. Thanks, switched. link here: http://mentors.debian.net/debian/pool/main/m/manaplus/manaplus_1.2.3.4-1.dsc
Bug#660519: Re[2]: Bug#660519: RFS: manaplus/1.2.2.19
On Tue, Mar 6, 2012 at 8:43 AM, andrei karas wrote: Now i not sure. For me now task add manaplus to debian, after we will see. Ok, I would encourage you to join the team and help out with other games too. For now no, but in future yes. Now server not in state for packaging, need many work for adapt it to work from separate directories. Also it can work only in 32 bit version. Server from what it forked storing pointers in int and have some other 64 bit issues. Fair enough. Registration is simple, In game client need press register and enter login and password. I can create preregistered account but not sure what password i can put in public, because some one can change it after. Gotcha. SVG image was not drawed for manaplus, but used same as in mana. I removed it For other one image i add xcf file, but sad it in 2.7 gimp format or like this. I also removed some themes because license GPL and i dont have response from author about sources. Other themes relicensed from GPL to CC-BY-SA. Other themes from data/graphics/gui is a bit modified theme from mana client/package data/themes/wood is theme from tmw package (branding for mana) tmw and mana now in debian and i think if it accepted, then this themes here can be accepted too. ... It based in one of ogg files from The Mana World sounds. I simple cut and add delay to one channel. I can include ogg file as source if need. Also in new version i add sounds from psiplus package converted to ogg and some renamed. Should i also include source wav files? It sounds like you have included the source as you are using it and prefer it. I would encourage you to reconsider what the most useful form for modification of your audio/graphics is; personally I would not consider premixed audio or prerendered graphics to be my preferred form for modification: http://www.freedesktop.org/wiki/Games/Upstream#Source Manaplustest need for autocheck graphics settings/speed and add it to configuration. Desktop file removed. Thanks. I thinking about SDL-Pango not sure is it good to use it here. Since you are using SDL-TTF, SDL-Pango is the best choice here IMO. About fontconfig. Is possible with it create link to fonts with given names? Search for fontconfig in this code that I wrote, it is pretty easy: http://chromium-bsu.git.sourceforge.net/git/gitweb.cgi?p=chromium-bsu/chromium-bsu;a=blob;f=src/TextFTGL.cpp I left system call for now, but strict text what can be given to it. (only static or always safe strings allowed) Good, please consider switching to exec in the future though. I thinking about this. This possible in future versions. Cool. I removed most duplicates. Some left because this files accessed by physfs and in physfs soft links not allowed. I allow it only for fonts enumeration. I see, please file a bug on physfs upstream about this issue. This is all false positives. The first one is definitely not since the destructor does not delete the OpenGLGraphicsVertexes object. The second one indeed seems to be a false positive, please file a bug on cppcheck upstream. Some dont fixed other is by design in internal commands/events. Ah, OK. If you want to add an explanation for that you can override the lintian warning and add a comment in the override file. current dsc file: http://mentors.debian.net/debian/pool/main/m/manaplus/manaplus_1.2.3.4-1.dsc Here is an updated review: In the registration process there is an option for Male or Female. I would suggest removing that or adding an Other category since both gender and biological sex have more options than that. Often people who do not fit into either of these categories will be very offended to have to label themselves as Male or Female. The initial download when logging into a server is quite big, is that a per-server thing like with web browsers or can it be added to Debian? The first line in debian/copright should point at this URL instead now: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ You might want to switch to debhelper compat 9 so that manaplus gets built with security hardening compiler flags. This is especially important since manaplus is a network client. -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAKTje6HN94=dycpazgchdkbrxjsutnrfds3wfi8hoyoofrz...@mail.gmail.com
Bug#660519: Re[2]: Bug#660519: RFS: manaplus/1.2.2.19
Thanks for review. manaplus updated to version 1.2.3.4 22 февраля 2012, 05:23 от Paul Wise p...@debian.org: Here is another review of manaplus: If you contact upstream as a result of this review, please point them at these two pages: http://wiki.debian.org/UpstreamGuide http://www.freedesktop.org/wiki/Games/Upstream I am upstream Did you intend for this to be maintained as part of the Debian games team? Now i not sure. For me now task add manaplus to debian, after we will see. Do you intend to package the servers for manaplus too? For now no, but in future yes. Now server not in state for packaging, need many work for adapt it to work from separate directories. Also it can work only in 32 bit version. Server from what it forked storing pointers in int and have some other 64 bit issues. All the servers appear to require a login to play, are there any I could use for 'testing' the game without registering? Registration is simple, In game client need press register and enter login and password. I can create preregistered account but not sure what password i can put in public, because some one can change it after. Please consider wrapping debian/menu with one item per line. description= is not valid in debian/menu, you want longtitle= IIRC. Fixed. xz compression is better than bzip2, have you considered switching? Personally I don't think the package is large enough to bother switching from gzip though. for debian/* files i switched to gz, for tarball to xz. Look like this modes giving better compressing Some of the images were created in Inkscape or GIMP but there are no source SVG or XCF images, that might be a GPL/DFSG violation. SVG image was not drawed for manaplus, but used same as in mana. I removed it For other one image i add xcf file, but sad it in 2.7 gimp format or like this. I also removed some themes because license GPL and i dont have response from author about sources. Other themes relicensed from GPL to CC-BY-SA. Other themes from data/graphics/gui is a bit modified theme from mana client/package data/themes/wood is theme from tmw package (branding for mana) tmw and mana now in debian and i think if it accepted, then this themes here can be accepted too. There is one pre-mixed, pre-encoded audio file, could you ask upstream about how it was created? It based in one of ogg files from The Mana World sounds. I simple cut and add delay to one channel. I can include ogg file as source if need. Also in new version i add sounds from psiplus package converted to ogg and some renamed. Should i also include source wav files? In the upstream .desktop files, none of the language-specific Icon or Name lines appear to be needed. Fixed You are installing the upstream PNG icon into the wrong location, it should be /usr/share/pixmaps since none of the /usr/share/icons/hicolor/*/apps/ dirs are for the same resolution as the image. Please also install manaplus.svg into /usr/share/icons/hicolor/scalable/apps/ and use python-scour to strip down the installed image. I think fixed only without svg. The manaplus.svg file looks slightly different to manaplus.png and the other files, it looks like that means the source SVG for manaplus.png is missing and there is a GPL/DFSG violation. There is no need to install manaplusttest at all IMO since it does nothing useful to users, please get upstream to disable that. If they are not willing to do that, please at least remove the desktop file for it. Manaplustest need for autocheck graphics settings/speed and add it to configuration. Desktop file removed. Please ask upstream to use fontconfig to find font files on Linux or switch to a font rendering system that does that (such as SDL-Pango, QuesoGLC). Then you will not need to use those symlinks, which are fragile when font paths move around and are not portable between Linux distros. I thinking about SDL-Pango not sure is it good to use it here. I cant use QuesoGLC because look like it only for opengl. But here exists software and two opengl backends. About fontconfig. Is possible with it create link to fonts with given names? Some of the upstream code has the wrong address for the FSF in the license grant, please let them know about that. Fixed. Some of the copyright/license information is missing from debian/copyright. Please audit every file, licensecheck --copyright helps to find missed stuff though. I think fixed. You are missing a depends on x11-utils because the code uses xmessage to display errors. Fixed I'm not sure if any of the errors contain untrusted network/other input, but it is not a good idea to use the system() function for anything other than constant commands. Please send upstream a patch to use the exec family of functions, they are the only ones that are guaranteed to be safe from arbitrary code execution in the face of untrusted input. I left system call for now, but strict text what
