On Tue, Oct 03, 2017 at 12:14:30PM +0000, Hugh McMaster wrote: > I am looking for a sponsor for the package "libexif". > > Changes since the last upload: > > * Non-maintainer upload. > * debhelper update: > - Update package compatibility to level 10. > * debian/control: > - Bump debhelper build-dep to >= 10~. > - Remove dh-autoreconf from the Build-Depends list, as debhelper > enables the 'autoreconf' sequence by default. > - Bump Standards-Version from 3.9.5 to 4.1.1. > - Use the https protocol in the Vcs-Browser field. > - Update the URI referenced by the Vcs-Git field. > - Mark libexif-dev Multi-Arch: same (Closes: #786562). > * debian/copyright: > - Update the format specification URI. > - Remove references to libjpeg/* and configure.in (lintian). > * debian/patches: > - Add upstream patches to fix CVE-2016-6328 and CVE-2017-7544 > (thanks to Marcus Meissner) (Closes: #873022, #876466). > * debian/rules: > - Add 'hardening=+all' to DEB_BUILD_MAINT_OPTIONS. > - Exclude doxygen md5 files from installation (lintian). > - Remove '--with autoreconf' (now handled by debhelper level 10). > - Fix grammatical errors in a comment. > * debian/source/lintian-overrides: > - Override 'unused-file-paragraph-in-dep5-copyright' warnings.
This drastically exceeds what is appropriate for a NMU without the maintainer's consent. Sure, the package looks neglected, but if you're taking steps to salvage it, it wouldn't be a NMU (at least without an explanation). And a NMU requires following the procedure. The package is marked as team maintained, but neither do I see you among the PhotoTools team, nor did you claim a team upload. Thus, while your changes are welcome[1], I see confusion wrt what you're trying to do here. Options include: * a traditional "hostile" NMU: targetted fixes only, posting a NMU diff is required prior to upload * an authorized (ie, with maintainer's consent) NMU: everything goes * a team upload: you'd need to talk with folks of the PhotoTools team, then it's no longer a NMU (mark as "Team upload", regular version number) * a non-team salvage: doesn't look appropriate as other packages of that team look alive Meow! [1]. That lintian override is wrong, only one paragraph can apply to a file. I haven't done any real review other than a quick glance, thus there might be more issues. -- ⢀⣴⠾⠻⢶⣦⠀ We domesticated dogs 36000 years ago; together we chased ⣾⠁⢰⠒⠀⣿⡁ animals, hung out and licked or scratched our private parts. ⢿⡄⠘⠷⠚⠋⠀ Cats domesticated us 9500 years ago, and immediately we got ⠈⠳⣄⠀⠀⠀⠀ agriculture, towns then cities. -- whitroth on /.
