Hallo Helmut, danke für Dein review.
Am Samstag, den 08.11.2014, 08:53 +0100 schrieb Helmut Grohne: > Hi Jörg, > > I looked into the scons package at > http://mentors.debian.net/debian/pool/main/s/scons/scons_2.3.4-1.dsc and > copy this review to d-mentors for others to join in. Here are some > comments in random order. Importance at end of mail. > > 1. Earlier reviewers have observed that you are using compression-level > 9 with xz. While xz is already the default, using compression-level 9 > is actively harmful to machines with little ram. It also doesn't make > any sense with a 1MB package. See: > https://lists.debian.org/debian-devel/2014/09/msg00013.html debian/source/options removed. > 2. I am very uneasy about the following hunk to script/scons: > > | +# - running from source takes priority (since 2.3.2), excluding > SCONS_LIB_DIR settings > | +script_path = os.path.abspath(os.path.dirname(__file__)) > | +source_path = os.path.join(script_path, '..', 'engine') > | +libs.append(source_path) > > Importing random python modules from .. is a route to security > issues. Even if upstream is keen on keeping this hack to make scons > work better when used from source, the Debian package almost > certainly should revert it. Upstream is notified. > > 3. The fix for #760804+#761565 is needed in jessie. Can you prepare an > upload to unstable (in addition to your experimental upload) with > minimal changes beyond fixing RC bugs? > It's ready. My sponsor get a mail about this. > 4. d/changelog does not mention the change to the Vcs-Browser field. > done. > 5. Why does d/copyright list yourself as sole copyright holder for > debian/*? It seems that you are not the sole author. Sorry. Missing authors added. > > 6. I think that it is very unfortunate that you are restricting the > license of debian/* files to GPL-3+ when upstream uses Expat. That > will make it way harder to forward patches upstream. Please consider > using Expat for your contributions to the scons package as well. No. But I have added the missing debian/patches/* with license Expat. > > 7. Did you forward the manpage-spelling.patch upstream? > At this moment not, but I do it. > 1, 4, 7 are nice to have, but not essential to fix before uploading. On > the other hand 2, 3 and 5 really need to be addressed and I hope that > you change your mind about 6. > > You may want to create RFS bugs against the sponsorship-requests package > to make tracking the state of scons uploads easier. > OK > Thanks for your contributions > > Helmut > > Package is not uploaded to mentors. I'm waiting for Adrian, which package he would like want first. CU Jörg -- pgp Fingerprint: 7D13 3C60 0A10 DBE1 51F8 EBCB 422B 44B0 BE58 1B6E pgp Key: BE581B6E CAcert Key S/N: 0E:D4:56 Jörg Frings-Fürst D-54526 Niederkail Threema: SYR8SJXB IRC: j_...@freenode.net j_...@oftc.net
signature.asc
Description: This is a digitally signed message part