Bug#976260: RFS: opentype-sanitizer/8.1.0-1 [ITP] -- tools to validate and sanitize OTF/TTF/WOFF/WOFF2 font files
On Fri, 2020-12-04 at 16:16 +0100, Romain Porte wrote:

> Version opentype-sanitizer_8.1.1+dfsg.1-1 uploaded to mentors.

Uploaded to NEW. For future uploads please file an RFS again and I will get to it when I am able to do so.

> Done, two warnings remain with `lintian -EviIL +pedantic`:

lintian 2.104.0 also shows this one:

I: opentype-sanitizer source: out-of-date-standards-version 4.5.0 (released 2020-01-20) (current is 4.5.1)

> This is intentional, to introduce the most used tool first for other
> packages to advance. Adding libfreetype2 will provide additional
> binaries which I do not intend to write man pages at the moment, as
> these tools are less used and not depended on by other packages. This
> can be fixed in a later 8.1.1+dfsg.1-2 release.

It is perfectly acceptable to have binaries without manual pages, especially if they print usage information from --help or similar. Agreed that this can be fixed later though.

One additional thing to fix for the next upload:

The BSD license text you have adopted is not quite the same as the upstream one, so in theory they should be the BSD-3-Clause-Google and the BSD-3-Clause-Debian licenses rather than both BSD-3-Clause. If you were to adopt the exact same license text for both then you could deduplicate the licenses in debian/copyright like this:

https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#examples

Files: *
Copyright: 2009-2017 The OTS Authors.
License: BSD-3-Clause

Files: debian/*
Copyright: 2020 Romain Porte
License: BSD-3-Clause

License: BSD-3-Clause

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
Bug#976260: RFS: opentype-sanitizer/8.1.0-1 [ITP] -- tools to validate and sanitize OTF/TTF/WOFF/WOFF2 font files
Hi Paul,

Version opentype-sanitizer_8.1.1+dfsg.1-1 uploaded to mentors.

2020-12-04 04:26 CET, Paul Wise:
> On Thu, Dec 3, 2020 at 1:09 PM Romain Porte wrote:
>
> > Uploaded a new version +dfsg.1-1 on mentors with your explanation in
> > debian/copyright as suggested by Lintian.

> The URLs pointed to by the Vcs-* fields in debian/control do not
> appear to exist.

Repository created to reserve the name: https://salsa.debian.org/fonts-team/opentype-sanitizer

I will however push after the upload has been done, to avoid having to --force in case of any correction.

> Please update the package to the new upstream release 8.1.1.

Done.

> Please fix the remaining minor lintian complaints where possible.

Done, two warnings remain with `lintian -EviIL +pedantic`:

* debian-watch-does-not-check-gpg-signature: upstream does not currently sign releases. I can create an issue on their bugtracker, but this should not impact the first upload.
* patch-not-forwarded-upstream: upstream is currently working on a fix to use system dependencies with a person from the Fedora project. While this is still in the design process, the local patch will be kept.

> Please remove the debmake template comments from debian/rules if you
> aren't going to use them, although uncommenting the hardening one will
> fix one lintian complaint.

Done.

> The debian/copyright file indicates that the debian/ directory is
> licensed under the GNU GPLv3+. Usually it is recommended to use the
> same license as upstream, so that upstream can easily adopt anything
> that Debian includes in our package. This is especially important for
> manual pages and patches.

Good to know, done.

> I suggest using wrap-and-sort with these arguments to make it easier
> to read diffs of the debian/ directory. You seem to have already used
> most of these.
>
> wrap-and-sort --short-indent --wrap-always --sort-binary-packages
> --trailing-comma

Done.

> I note that the build process searches for freetype but the package
> does not build-depend on it, is that intentional?

This is intentional, to introduce the most used tool first for other packages to advance. Adding libfreetype2 will provide additional binaries which I do not intend to write man pages at the moment, as these tools are less used and not depended on by other packages. This can be fixed in a later 8.1.1+dfsg.1-2 release.

> I note that the build uses a static library rather than a private
> shared library for libots, which bloats the package slightly.

No intent to change this at the moment, but it will probably be required as upstream python-ots package is compiling the project from scratch. Introducing a .so may help, but upstream is biased towards static linking so to be negotiated.

> Please forward the GCC warnings from the build log (or a patch fixing
> them) to upstream.

Done: https://github.com/khaledhosny/ots/issues/228

Did not patch because the resolution is not obvious.

Best regards,

Romain.
Bug#976260: RFS: opentype-sanitizer/8.1.0-1 [ITP] -- tools to validate and sanitize OTF/TTF/WOFF/WOFF2 font files
On Thu, Dec 3, 2020 at 1:09 PM Romain Porte wrote:

> Uploaded a new version +dfsg.1-1 on mentors with your explanation in
> debian/copyright as suggested by Lintian.

Here is a review of the package:

There do not appear to be any further issues that would block the upload. So I am willing to sponsor the package on the condition that once opentype-sanitizer enters Debian, you contribute a check for running it to check-all-the-things.

https://github.com/collab-qa/check-all-the-things/

These issues would be nice to fix at some point:

The URLs pointed to by the Vcs-* fields in debian/control do not appear to exist.

Please update the package to the new upstream release 8.1.1.

Please fix the remaining minor lintian complaints where possible.

Please remove the debmake template comments from debian/rules if you aren't going to use them, although uncommenting the hardening one will fix one lintian complaint.

The debian/copyright file indicates that the debian/ directory is licensed under the GNU GPLv3+. Usually it is recommended to use the same license as upstream, so that upstream can easily adopt anything that Debian includes in our package. This is especially important for manual pages and patches.

I suggest using wrap-and-sort with these arguments to make it easier to read diffs of the debian/ directory. You seem to have already used most of these.

wrap-and-sort --short-indent --wrap-always --sort-binary-packages --trailing-comma

I note that the build process searches for freetype but the package does not build-depend on it, is that intentional?

I note that the build uses a static library rather than a private shared library for libots, which bloats the package slightly.

Please forward the GCC warnings from the build log (or a patch fixing them) to upstream.

The following tools run by check-all-the-things produce output that you may want to review and/or forward upstream:

cppcheck anorack bashate blhc clang-check clang-tidy scan-build codespell cme check dpkg doc8 duck grep -nHrF http: shellcheck proselint spellintian wrap-and-sort yamllint

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
Bug#976260: RFS: opentype-sanitizer/8.1.0-1 [ITP] -- tools to validate and sanitize OTF/TTF/WOFF/WOFF2 font files
Hi,

2020-12-03 05:40 CET, Paul Wise:
> The package (and upstream) is missing copyright and license
> information for all of the test fonts. Some of them contain no license
> information, so it isn't clear that they are legal for Debian (and
> upstream) to redistribute. There are no source files for any of them,
> which could be a violation of DFSG item 2. Some of them are SIL OFL
> licensed, with reserved font names, which means that modifying them is
> a license violation unless you also rename them. Personally I would
> remove the test fonts from the Debian source package.

Uploaded a new version +dfsg.1-1 on mentors with your explanation in debian/copyright as suggested by Lintian.

Also updated debian/watch to correctly remove the suffix as suggested by Lintian and https://wiki.debian.org/debian/watch#Common_mistakes.

Best regards,

Romain.
Bug#976260: RFS: opentype-sanitizer/8.1.0-1 [ITP] -- tools to validate and sanitize OTF/TTF/WOFF/WOFF2 font files
On Wed, Dec 2, 2020 at 11:45 AM Romain Porte wrote:

> dget -x
> https://mentors.debian.net/debian/pool/main/o/opentype-sanitizer/opentype-sanitizer_8.1.0-1.dsc

The package (and upstream) is missing copyright and license information for all of the test fonts. Some of them contain no license information, so it isn't clear that they are legal for Debian (and upstream) to redistribute. There are no source files for any of them, which could be a violation of DFSG item 2. Some of them are SIL OFL licensed, with reserved font names, which means that modifying them is a license violation unless you also rename them. Personally I would remove the test fonts from the Debian source package.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
Bug#976260: RFS: opentype-sanitizer/8.1.0-1 [ITP] -- tools to validate and sanitize OTF/TTF/WOFF/WOFF2 font files
Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "opentype-sanitizer":

 * Package name    : opentype-sanitizer
   Version         : 8.1.0-1
   Upstream Author : Khaled Hosny
 * URL             : https://github.com/khaledhosny/ots
 * License         : BSD-3-Clause
 * Vcs             : https://salsa.debian.org/fonts-team/opentype-sanitizer
   Section         : fonts

It builds those binary packages:

  opentype-sanitizer - tools to validate and sanitize OTF/TTF/WOFF/WOFF2 font files

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/opentype-sanitizer/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/o/opentype-sanitizer/opentype-sanitizer_8.1.0-1.dsc

Changes for the initial release:

 opentype-sanitizer (8.1.0-1) unstable; urgency=low
 .
   * Initial release. Closes: #975983

Regards,
-- 
  Romain Porte