Bug#738683: RFS: hexchat/2.9.6.1-1 [ITP]
The copyright exception is in the upstream readme, in the source tarball under share/doc. The readme is where xchat mentions the OpenSSL exception, as well. This is one of the first things I discussed with #debian-mentors when I started this process and a couple people said it was fine to have the exception mentioned in a readme and not specifically in a LICENSE file, it just needs to be there. But if that's incorrect and upstream really does need to make some changes, I'll talk to them about it. Shouldn't be too hard. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#738683: RFS: hexchat/2.9.6.1-1 [ITP]
Hi Vincent, Here's the rest: 1) Recommends line moved back to where it should be 2) There is no doxygen-built documentation distributed with this package; I discussed it with #debian-mentors and they seemed to think that the Doxyfile in the upstream tarball is only there for development purposes and its output wouldn't be necessary in a binary distribution. (The plugin interface is documented separately, and already included in hexchat-common.) 3) I turned on verbose building and -D_FORTIFY_SOURCE=2 is indeed being used when python.so is being compiled, so that would make this an upstream issue, correct? Anything in particular I should mention when I report it to them? 4) The weird debian/rules targets were because I referred to the xchat package for examples, and its debian/rules may have been written originally before dh overrides were available/widely known. What I did worked, so I accepted it and moved on. I have switched the format to override_dh_* targets now. 5) debian/watch updated. Let me know your thoughts on the license exception, as well as point 2 in this email, and then I'll re-upload with the final decision. sney -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#738683: RFS: hexchat/2.9.6.1-1 [ITP]
Control: tag -1 + moreinfo On Tue, Feb 11, 2014 at 2:43 PM, sney dr...@drubo.net wrote: Package: sponsorship-requests Severity: wishlist Dear mentors, I am looking for a sponsor for my package hexchat Comments: - debian/copyright is incomplete: e.g. src/dirent/dirent-win32.h: Toni Ronkko, Expat intl/*.{c,h}: Free Software Foundation, Inc., LGPL-2.1+ I find licensecheck (from devscripts) to be a very useful tool to dig through license headers in each file. Of course, it's not perfect, so you still have to do some manual work. Anyways, there may be more undocumented license headers, I just gave a few examples above. - debian/control: Package: hexchat-common Architecture: all Recommends: xchat ^ shouldn't that be hexchat? Also, please consider using wrap-and-sort -s to sort your build-depends and depends field alphabetically and one per line; it makes reviewing diffs to debian/control much easier to read later on. - debian/changelog: collapse all unreleased entries into a single entry (i.e. just retain your 2.9.6.1-1 entry and delete everything else) - debian/paste.txt: remove this Regards, Vincent -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#738683: RFS: hexchat/2.9.6.1-1 [ITP]
On Mon, Feb 17, 2014 at 1:19 AM, Vincent Cheng vch...@debian.org wrote: Control: tag -1 + moreinfo On Tue, Feb 11, 2014 at 2:43 PM, sney dr...@drubo.net wrote: Package: sponsorship-requests Severity: wishlist Dear mentors, I am looking for a sponsor for my package hexchat Comments: - debian/copyright is incomplete: e.g. src/dirent/dirent-win32.h: Toni Ronkko, Expat intl/*.{c,h}: Free Software Foundation, Inc., LGPL-2.1+ I find licensecheck (from devscripts) to be a very useful tool to dig through license headers in each file. Of course, it's not perfect, so you still have to do some manual work. Anyways, there may be more undocumented license headers, I just gave a few examples above. There were several. All done now, I'm 99% sure. - debian/control: Package: hexchat-common Architecture: all Recommends: xchat ^ shouldn't that be hexchat? Oops. Done. Also, please consider using wrap-and-sort -s to sort your build-depends and depends field alphabetically and one per line; it makes reviewing diffs to debian/control much easier to read later on. Done. - debian/changelog: collapse all unreleased entries into a single entry (i.e. just retain your 2.9.6.1-1 entry and delete everything else) Done. - debian/paste.txt: remove this And done. Let me know if there's anything else. sney -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#738683: RFS: hexchat/2.9.6.1-1 [ITP]
On Mon, Feb 17, 2014 at 11:41 AM, Jesse Rhodes dr...@drubo.net wrote: On Mon, Feb 17, 2014 at 1:19 AM, Vincent Cheng vch...@debian.org wrote: Control: tag -1 + moreinfo On Tue, Feb 11, 2014 at 2:43 PM, sney dr...@drubo.net wrote: Package: sponsorship-requests Severity: wishlist Dear mentors, I am looking for a sponsor for my package hexchat Comments: - debian/copyright is incomplete: e.g. src/dirent/dirent-win32.h: Toni Ronkko, Expat intl/*.{c,h}: Free Software Foundation, Inc., LGPL-2.1+ I find licensecheck (from devscripts) to be a very useful tool to dig through license headers in each file. Of course, it's not perfect, so you still have to do some manual work. Anyways, there may be more undocumented license headers, I just gave a few examples above. There were several. All done now, I'm 99% sure. Another issue with the licensing that I neglected to mention in my last email is the fact that you claim in d/copyright that the source is licensed under GPL + openssl exception, but I cannot find any mention of this within the source tarball (there is no COPYING/LICENSE file in the top-level directory, and none of the GPL headers in the source files acknowledge the openssl linking exception). This needs to be documented somewhere in the source tarball itself. Can you ask upstream to release a new tarball with either a top-level COPYING file (like what is currently in their github repo, except it doesn't acknowledge the openssl exception either...ask them to fix that too), and/or to add the openssl exception to their per-file license headers? (FWIW I don't think ftpmasters will let hexchat through the NEW queue without the above being fixed, so consider this a blocker for an upload.) - debian/control: Package: hexchat-common Architecture: all Recommends: xchat ^ shouldn't that be hexchat? Oops. Done. This is somewhat pedantic, but can you move the Recommends: line just below the Depends: line (like it was before), and not after the long description? Also, please consider using wrap-and-sort -s to sort your build-depends and depends field alphabetically and one per line; it makes reviewing diffs to debian/control much easier to read later on. Done. - debian/changelog: collapse all unreleased entries into a single entry (i.e. just retain your 2.9.6.1-1 entry and delete everything else) Done. - debian/paste.txt: remove this And done. Let me know if there's anything else. - Documentation should be rebuilt during the build process with doxygen. - Lintian complains about hardening-no-fortify-functions, but your build is non-verbose (so you can't actually see if the source is compiled with -D_FORTIFY_SOURCE=2 in the build log). You can enable verbose build with autotools using --disable-silent-rules, e.g. override_dh_auto_configure: dh_auto_configure -- --disable-silent-rules That brings me to another point; why not use override_dh_* targets instead of defining build: and misc: like you're doing now in d/rules? - debian/watch can be made more robust if you check for other possible filenames, e.g. http://dl.hexchat.net/hexchat/hexchat-(.*)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz))) Regards, Vincent -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#738683: RFS: hexchat/2.9.6.1-1 [ITP]
Package: sponsorship-requests Severity: wishlist Dear mentors, I am looking for a sponsor for my package hexchat Package name : hexchat Version : 2.9.6.1-1 Upstream Author : Berke Viktor URL : http://hexchat.github.io License : GPL-2 with OpenSSL exception Section : net It builds these binary packages: hexchat - IRC client for X based on X-Chat 2 hexchat-common - Common files for HexChat To access further information about this package, please visit the following URL: http://mentors.debian.net/package/hexchat Alternatively, one can download the package with dget using this command: dget -x http://mentors.debian.net/debian/pool/main/h/hexchat/hexchat_2.9.6.1-1.dsc More information about HexChat can be obtained from http://hexchat.github.io/ and http://hexchat.readthedocs.org/. Please let me know if you need any more information. Regards, Jesse Rhodes (sney) -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (990, 'unstable'), (1, 'experimental') Architecture: i386 (x86_64) Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#738683: RFS: hexchat/2.9.6.1-1 [ITP]
On Wed, Feb 12, 2014 at 6:43 AM, sney wrote: hexchat - IRC client for X based on X-Chat 2 If this reaches Debian please ensure that it gets added to the security team's embedded-code-copies file, they track forks too. http://wiki.debian.org/EmbeddedCodeCopies What is the plan for xchat? Will it be removed in favour of hexchat? Are you co-ordinating with the Debian maintainers of xchat? Why was there a fork, is xchat no longer developed upstream? -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#738683: RFS: hexchat/2.9.6.1-1 [ITP]
Copying the bug as I neglected to do that -- Forwarded message -- From: Jesse Rhodes dr...@drubo.net Date: 2014-02-11 6:36 PM Subject: Re: Bug#738683: RFS: hexchat/2.9.6.1-1 [ITP] To: Paul Wise p...@debian.org Cc: On 2014-02-11 6:18 PM, Paul Wise p...@debian.org wrote: On Wed, Feb 12, 2014 at 6:43 AM, sney wrote: hexchat - IRC client for X based on X-Chat 2 If this reaches Debian please ensure that it gets added to the security team's embedded-code-copies file, they track forks too. OK, noted. What is the plan for xchat? Will it be removed in favour of hexchat? Are you co-ordinating with the Debian maintainers of xchat? Why was there a fork, is xchat no longer developed upstream? Exactly right. Xchat upstream development stalled in 2010. Furthermore, the last update in debian was a nmu and the most recent update by the maintainer was in 2012. I emailed the xchat maintainer quite some time ago asking if he had any plans to replace xchat with hexchat and never received a response. As for whether hexchat will replace xchat as a result of my packaging it, that's up in the air - they don't use the same dotfiles or path names so they can coexist on the same system without issues. Perhaps popcon can make that decision. Thanks for your feedback. sney
Bug#738683: RFS: hexchat/2.9.6.1-1 [ITP]
I've also filed an upstream bug due to the Lintian pedantic warning of debian-watch-may-check-gpg-signature. That bug can be found here: https://github.com/hexchat/hexchat/issues/895 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org