Bug#1055448: RFS: libsilkit/4.0.37-1 [ITP] -- Simulation in the loop kit by Vector

2023-11-13 Thread Krämer
Hi Tobias,

Thank you for the quick review. I will try to provide some quick 
feedback/acknowledgement as well below.


On Sun, 12 Nov 2023 11:17:36 +0100 Tobias Frost  wrote: 
> Control: tags -1 moreinfo 
> 
> Hi Jan, 
> 
> Thanks for your RFS! 
> as you are listed as upstream contact, let me, as I always do, point you to 
> https://wiki.debian.org/UpstreamGuide 
> 
> As this is your first package you are maintaining, please also read 
> https://mentors.debian.net/intro-maintainers/ 
> 
> This part of the CONTRIBUTING.md concerns me: 
>   We are sorry, but at the moment, we do not accept external contributions until
>   we have established a contribution process. We're working behind the scenes to
>   get this ready in the future. Until then, we would kindly ask you to not open pull
>   requests.
> 
> This stanza is older than a year (Aug 2022), so when will this happen? 
> 
> Sorry to be blunt, but putting a DFSG license on a piece of software and 
> then saying we do not accept contributions, is (IMHO) not within the 
> spirit of the Open Source Community, even if it might on paper fulfil 
> the DFSG. 
> 
> This is also problematic for maintaining the package, as how should we, 
> as Debian, upstream patches, for example if you go missing for 
> whatever reasons? Effectively, we would need to maintain a fork, and 
> that is certainly nothing Vector could want. 
> 
> I'd say this brings the RFS very close to the "wontfix" territory, 
> certainly I will not sponsor this upload, but other sponsors might. 
> (The review below is partial, done until I saw the README.) 
> 

Our team knows that this is not ideal from a community perspective and we are 
working towards a solution. I will try to get back to you ASAP on these points.

> In Debian we do not package every software. So maybe I'll need a sales 
> pitch here: 
> - Why does Vector want it in the Debian archives? 
> - Why would Debian want it to be in the Debian archives? 
> - Are there other projects using the library that you intend to package 
>   for Debian? 
> 

I will probably bundle this with the answer above since both deal with Vector's 
overall FOSS strategy.

> On Mon, Nov 06, 2023 at 12:57:23PM +, 
> =?UTF-8?Q?Kr=C3=a4...@buxtehude.debian.org wrote: 
>  
> >  * Package name   : libsilkit 
> >     Version    : 4.0.37-1 
> >     Upstream contact : jan.krae...@vector.com 
> >  * URL          : https://github.com/vectorgrp/sil-kit 
> >  * License   : MIT 
> >  * Vcs  : https://github.com/vectorgrp/sil-kit 
> >    Section    : libs 
> > 
> > The source builds the following binary packages: 
> > 
> >   libsilkit-dev - Development packages for libsilkit 
> >   libsilkit4 - Simulation in the loop kit by Vector 
> > 
> > To access further information about this package, please visit the 
> > following URL: 
> > 
> >   https://mentors.debian.net/package/libsilkit/ 
> > 
> > Alternatively, you can download the package with 'dget' using this command: 

For some reason the last part of your email is omitted from the quote, but it 
seems I missed quite some stuff. Thanks though for the feedback.
I will work on a revised version now and update the bug report once it is 
uploaded.

I still have some questions:

- Is it permitted to update the libsilkit version (to 4.0.39) within the review 
process?
- The only remaining vendoring is GoogleTest, which is only used for the 
unit/integration tests which are not shipped by the package. Is this allowed or 
should we use the system's libraries here as well?
- Related, if this is allowed, do we need to include the License information, 
since we do not ship source files nor object files compiled with these source 
files in the binary package?

Cheers and thanks again for the review,
Jan



Bug#1055912: RFS: python-scienceplots/2.1.0-3 -- Matplotlib styles for scientific figures

2023-11-13 Thread Yogeswaran Umasankar
Package: sponsorship-requests
Severity: normal
X-Debbugs-Cc: kd8...@gmail.com

Dear mentors,

I am looking for a sponsor for my package "python-scienceplots":

 * Package name : python-scienceplots
   Version  : 2.1.0-3
   Upstream contact : John Garrett 
 * URL  : https://github.com/garrettj403/SciencePlots
 * License  : Expat
 * Vcs  : https://salsa.debian.org/yogu/python-scienceplots
   Section  : python

The source builds the following binary packages:

  python3-scienceplots - Matplotlib styles for scientific figures

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/python-scienceplots/

Alternatively, you can download the package with 'dget' using this command:

  dget -x https://mentors.debian.net/debian/pool/main/p/python-scienceplots/python-scienceplots_2.1.0-3.dsc

Changes since the last upload:

 python-scienceplots (2.1.0-3) unstable; urgency=medium
 .
   * Included PYBUILD_NAME. (Closes: #1055910)
   * Removed unnecessary depends, pre-depends in binary.
   * Removed unnecessary files from python3-scienceplots.docs.
   * Revised copyright License as Expat.

Regards,
-- 
  Yogeswaran Umasankar



Bug#1055911: RFS: python-art/6.1-3 -- ASCII art

2023-11-13 Thread Yogeswaran Umasankar
Package: sponsorship-requests
Severity: normal
X-Debbugs-Cc: kd8...@gmail.com

Dear mentors,

I am looking for a sponsor for my package "python-art":

 * Package name : python-art
   Version  : 6.1-3
   Upstream contact : Sepand Haghighi 
 * URL  : https://github.com/sepandhaghighi/art
 * License  : Expat
 * Vcs  : https://salsa.debian.org/yogu/python-art
   Section  : python

The source builds the following binary packages:

  python3-art - ASCII art

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/python-art/

Alternatively, you can download the package with 'dget' using this command:

  dget -x https://mentors.debian.net/debian/pool/main/p/python-art/python-art_6.1-3.dsc

Changes since the last upload:

 python-art (6.1-3) unstable; urgency=medium
 .
   * Corrected PYBUILD_NAME. (Closes: #1055906)
   * Removed unnecessary depends, pre-depends in binary.
   * Removed unnecessary files from python3-art.docs.
   * Revised copyright License as Expat.

Regards,
-- 
  Yogeswaran Umasankar



Bug#1055889: RFS: urlview/1b-1 [ITA] -- Extracts URLs from text

2023-11-13 Thread наб
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "urlview":

 * Package name : urlview
   Version  : 1b-1
   Upstream contact : https://lists.sr.ht/~nabijaczleweli/urlview-ng
 * URL  : https://sr.ht/~nabijaczleweli/urlview-ng
 * License  : 0BSD, GPL-2+
 * Vcs  : https://git.sr.ht/~nabijaczleweli/urlview.deb
   Section  : misc

The source builds the following binary packages:

  urlview - Extracts URLs from text

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/urlview/

Alternatively, you can download the package with 'dget' using this command:

  dget -x https://mentors.debian.net/debian/pool/main/u/urlview/urlview_1b-1.dsc

Changes since the last upload:

 urlview (1b-1) unstable; urgency=medium
 .
   * New maintainer (Closes: #1051204)
   * d/watch, d/upstream/signing-key.asc: new for urlview-ng upstream
   * New upstream version 1b (+ changelog & NEWS)
     (Closes: #127090, #161620, #631481, #690405, #983417, #985259, #988055)
   * d/system.urlview, d/url_handler.sh, d/patches: remove, merged upstream
   * d/postrm, d/dhelp, d/README.Debian: remove
   * d/tests: rewrite
   * d/rules, d/copyright: new for urlview-ng
   * d/upstream/metadata: add for urlview-ng

Regards,
-- 
  наб




Bug#1055886: RFS: ruby-mdl/0.13.0-3 -- Markdown lint tool - transitional dummy package

2023-11-13 Thread Norwid Behrnd
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "ruby-mdl":

 * Package name : ruby-mdl
   Version  : 0.13.0-3
   Upstream contact : ["p...@ipom.com"]
 * URL  : https://github.com/markdownlint/markdownlint
 * License  : MIT
 * Vcs  : https://salsa.debian.org/nbehrnd/ruby-mdl
   Section  : text

The source builds the following binary packages:

  markdownlint - Markdown lint tool
  ruby-mdl - Markdown lint tool - transitional dummy package

To access further information about this package, please visit the following
URL:

  https://mentors.debian.net/package/ruby-mdl/

Alternatively, you can download the package with 'dget' using this command:

  dget -x https://mentors.debian.net/debian/pool/main/r/ruby-mdl/ruby-mdl_0.13.0-3.dsc

Changes since the last upload:

 ruby-mdl (0.13.0-3) unstable; urgency=medium
 .
   * address manpage problem
     - capitalize TH entry in manpage
     - provide manpages for ruby-mdl and mdl
     - add suggest to update mandb after removal of ruby-mdl

Regards,



Bug#1053565: RFS: openvpn3-client/20+dfsg-1 [ITP] -- virtual private network daemon (version 3)

2023-11-13 Thread Michael Tokarev

06.10.2023 16:03, Marc Leeman wrote:
>  * Package name : openvpn3-client

BTW, why is it named this way?
Is it client-only now, without the server part?
Previous package is named just "openvpn", it acts
as both client or server (actually the two roles are
symmetric, it can be both).  If new openvpn is like
this, I suggest naming it just "openvpn3", without
the -client part, since it is quite confusing.

Or is there also -daemon (or -server) part?

Thanks,

/mjt



Bug#1055870: RFS: hoteldruid/3.0.6-1 [RC] -- web-based property management system for hotels or B

2023-11-13 Thread Marco M. F. De Santis

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "hoteldruid":

 * Package name : hoteldruid
   Version  : 3.0.6-1
   Upstream contact : Marco Maria Francesco De Santis
 * URL  : http://www.hoteldruid.com/
 * License  : AGPL-3, CC0-1.0
 * Vcs  : None
   Section  : web

The source builds the following binary packages:

  hoteldruid - web-based property management system for hotels or B

To access further information about this package, please visit the 
following URL:


  https://mentors.debian.net/package/hoteldruid/

Alternatively, you can download the package with 'dget' using this command:

  dget -x https://mentors.debian.net/debian/pool/main/h/hoteldruid/hoteldruid_3.0.6-1.dsc


Changes since the last upload:

 hoteldruid (3.0.6-1) unstable; urgency=low
 .
   * New upstream release
     - Fixes multiple sql injection and XSS vulnerabilities.
       (Ref: CVE-2023-33817, CVE-2023-43371, CVE-2023-34537, CVE-2023-34854,
       CVE-2023-47164, CVE-2022-45592, CVE-2023-43373 CVE-2023-43374,
       CVE-2023-43375, CVE-2023-43376, CVE-2023-43377)
       (Closes: #1038251, #1052572, #1055772)

Regards,
--
  Marco Maria Francesco De Santis



Bug#1053565: RFS: openvpn3-client/20+dfsg-1 [ITP] -- virtual private network daemon (version 3)

2023-11-13 Thread Marc Leeman
> The issue and ITP talks about there being two packages, a library part
> and the client part. Has this changed (I cannot find the library part.)

I did start out to have different packages (client, library, dev); but
after discussing with upstream, I decided to mirror the upstream
(tarball) release since they release their client as a single tarball
and there is no other software that uses the library. For the moment,
I would have to use the git tarballs from github instead of what they
release as a tested client (integrated tarball of client and library).

I thought it would be best to follow the upstream lead on this.

> - changelog for an initial release should be only the first line, (as there
> are no changes to the debian package on the initial upload)

ack

> - you are creating an user. [1]
>   - As per Debian policy 9.3, the username should be an invalid user and start 
> with an "_"
>   - If I am not mistaken, you can use tmpfiles.d to specify the
> directory /var/lib/openvpn to be owned by openvpn:openvpn, so that
> snippet in postinst might not be needed. (please verify)

I followed the user name lead on this one, but I'll adjust to match
the policy. Thanks.

> [1] https://wiki.debian.org/AccountHandlingInMaintainerScripts

> - unicode-impl.hpp
> I'm not convinced that this (license) issue is a non-issue. It might be
> solved in later versions of the file, but the version in the tarball
> does not allow modification.
> As you are anyway dfsg repacking (at least the version indicates this,
> see also below), how about removing the file and then reintroducing a
> fine one with a patch?

This is a difficult one (at least to me). I started investigating this
and asking around on #debian-mentors. There it was concluded that it
was a false positive. But since the licence seems to have changed for
this file (the different copies included in Debian indicate this), I
can do that, solves your concern.

The DFSG was needed because the library used a random binary for
testing without sources (some sparc binary iirc).

> - files installed in /usr/include
>   --> you want a -dev package.

I'll re-investigate this: since this client is standalone at the
moment (cf supra); it should not install any header at all.

> - d/copyright
>   - is not DEP-5 format.
>   - There is no indication why it is dfsg, and there is no
> Files-Excluded section.. so are you repacking at all?

The re-packaging was documented in debian/README.source

>   - For practicality reasons, it is recommended to keep the license of
> the debian the same as upstream. Otherwise, package upstreaming
> might get more difficult than needed. (GPL2 is anyway incompatible
> with Affero GPL 3; your "or later" saves the day.)
>   - There is license text for the Gnu Affero General Public License 3,
> and it should be probably "AGPL-3" abbreviated.
>   - Note: I did not do a license review of the source files.

Inspired by the openvpn team, I'll review.

> - lintian overrides
>   - you need to comment the overrides WHY you overrode them.

ack

> - postinst
>   - remove the useless comment about utf-8, or let me know what you want
> to say with it.

my bad

> - the python part - I think this should be in a dedicated python module 
> package?
>
> - S-V could be updated.
>
> - There is no watch file.

This is in discussion with upstream to have a standard download
location that can be scanned. At the moment, the download location
does not allow indexing.

> - The package is in a team namespace on salsa, but d/control does not
>   indicate that it is team maintained.

As the ITP mentioned, part of the work was company sponsored, hence
the (default) teamspace. But since I seem to be the only one working
on it, I'll move it to a personal space.

> As usual, remove moreinfo when you are done updating your package.

ack


-- 
g. Marc

GPG: 827C FD74 BA46 8152 A041 F3A0 7A6A 4F17 5995 A65B