Hi, let's go package fixes. Please review my package. https://mentors.debian.net/package/runescape
> > 1) you put dependencies under build-dependencies, but they seem to be more > > runtime dependencies Corrected the dependencies in d/control > > 2) you fixed the gpg key issue, but now you have to *revoke* it and > > generate a new one. > > the key is compromised, I have it, and everybody that dgetted the package > > has it, and it is > > available on build machines such as DebOMatic and probably somewhere else > > too. Sorry, I'm terrible with the GPG key. Revoked and created a new one. I hope did right this time. > 3) not sure why have a .c file that runs a script... Made to create a makefile. :/ > > 4) # Necessary that the generated binary is in the directory where is the > > "script.sh" > > runescape: arch-dependent-file-in-usr-share > > usr/share/games/runescape/runescape > > > > this isn't necessary, please remove and fix lintian, don't override it, > > specially > > because lintian seems right here. > > > > 5) CFLAGS = -g -Wall -O2 -fstack-protector-strong -Wformat > > -Werror=format-security > > CPPFLAGS = -D_FORTIFY_SOURCE=2 > > LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now > > OBJECTS = runescape.o > > > > no, please never override flags. > > you can use ?= that means define if not already defined, but never override > > external flags. > > Corrected makefile. > 6)Please add some upstream metadata: > https://wiki.debian.org/UpstreamMetadata I'm sorry, but not working "upstream metadata". http://upstream-metadata.debian.net Thanks! Em Ter, 2016-06-07 às 15:42 +0200, Gianfranco Costamagna escreveu: > Hi > > On 06/06/2016 03:53, Carlos Donizete Froes wrote: > > Hello Gianfranco, > > > > I made the changes recommended me. Please could again analyze my > > package? > > > > https://mentors.debian.net/package/runescape > > > > Thank you! > > > > Hi > > some more issues: > > 1) you put dependencies under build-dependencies, but they seem to be more > runtime dependencies > > 2) you fixed the gpg key issue, but now you have to *revoke* it and generate > a new one. > the key is compromised, I have it, and everybody that dgetted the package has > it, and it is > available on build machines such as DebOMatic and probably somewhere else too. > > So, you should probably revoke it, and generate a new one > (you have it protected with passphrase, so if you think your passphrase is > strong enough > you can avoid this step, I didn't try to brute-force it) > > 3) not sure why have a .c file that runs a script... > > 4) # Necessary that the generated binary is in the directory where is the > "script.sh" > runescape: arch-dependent-file-in-usr-share > usr/share/games/runescape/runescape > > > this isn't necessary, please remove and fix lintian, don't override it, > specially > because lintian seems right here. > > 5) CFLAGS = -g -Wall -O2 -fstack-protector-strong -Wformat > -Werror=format-security > CPPFLAGS = -D_FORTIFY_SOURCE=2 > LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now > OBJECTS = runescape.o > > no, please never override flags. > you can use ?= that means define if not already defined, but never override > external flags. > > 6)Please add some upstream metadata: https://wiki.debian.org/UpstreamMetadata > > Gianfranco > > -- Carlos Donizete Froes [a.k.a coringao] - https://wiki.debian.org/coringao GPG: 4096R/B638B780 2157 630B D441 A775 BEFF D35F FA63 ADA6 B638 B780
signature.asc
Description: This is a digitally signed message part