>* d/control: > + Vcs-* have to point to the packaging repository, not the upstream > one. Since this is something maintained by the multimedia team > (according to Maintainer) it should have a repo within the multimedia > team space.
Fixed by setting Maintainer to me until I get into the team. I have not even raised the application intent yet. > + Homepage points to the upstream VCS: doesn't this project have a real > homepage? Well, it is, but it is sometimes not accessible. Added it anyway. > + Both descriptions are way way too short (1 line). please strive to > find at least 3 lines... >* d/*.dirs > + those two files are totally useless, get rid of them Shot them dead ;) >* libudfread-dev.install > + you are installing the .a file: do you really need it? As a personal > policy I try to remove static libraries rather than adding them… I often link software statically, especially targeting Android. So I guess keeping static library won't hurt as part of -dev package. >* d/changelog: > + Please add the "Initial upload" words in there :) Doen :) >* d/rules: > + since you are using dh compat 13, you can go and use > "execute_before_dh_installexamples" instead of the current override > + you may prefer to add that .la file in d/not-installed instead of > overriding dh_missing that way (also relevant if you stop installing > the .a file). >* d/copyright: Good catch, thanks! Now I can keep not-installable things sane. > + I see that debian/* has a different license than the rest of the > package. Theoretically that might cause issue if for example sombody > writes a patch for debian, place it under the debian/* license (GPL2+ > in this case). That patch then it would taint the upstream license, > as combining code with LGPL2.1 and GPL2+ leads to something that is > only GPL2+, likely something that upstream wouldn't want. > + furthermore, the project is not released under LGPL-2.1, but > LGPL-2.1+ ... please pay attention to these details Yes, I double-checked their licenses and fixed d/copyright > + in the copyright you wrote "2014-2020 VLC authors and VideoLAN", but > I can't find any year later than 2017. Lastly, I see all files have > only one "Author:" listead in them, I'd find nice if you added at > least a Comment: line in that "Files: *" paragraph mentioning that > single author. Done > + you missed m4/attributes.m4 - please take note that that GPL-2+ file > has a special exception Done >* you uploaded a .asc file, but you have not provided either public > signing key in d/upstream/signing-key.asc nor set an appropriate pgp > option in d/watch. Nor I can find any signature on the upstream > repository (note that I haven't tried to check the signature). Where > is it coming from? It was my signature as recommended in one of thousand Debian Wiki pages I read. As you clarified in pr8vate, this was useless so I recreated repo and pushed the fixed package to mentors queue. Thanks for review! :) -- Vasyl Gello
