On 05/04/2012 14:01, Jonas Smedegaard wrote:
On 12-04-03 at 11:57pm, Jérémy Lal wrote:
it would be very nice to review npm package sitting at :
git://anonscm.debian.org/git/collab-maint/npm.git
Patch 2001 refer to debian/copyright. I recommend to document
explicitly, as the patch file will appear outside of the context of the
full packaging - i.e. at http://patch-tracker.debian.org/package/npm
Maybe add a brief explicit note and then refer (with a URL, not a
relative file reference) to further explanation e.g. a post to a
bugreport.
I added a link to upstream version of the license (the actual commit),
and a short explanation. Reading the license is clear and fast enough to
understand why.
I recommend to use ~dfsg (not ~dfsg9) in package versioning. Remember
to update everywhere, also e.g. in NEWS file.
Done...
Does not seem like news me to warn against use as root - and therefore
inappropriate to list in NEWS file. The similar text in README.Debian
is vague: first a feature is described, and only in next separate
pragraph discouraged.
Ok, NEWS states only what is broken and where are the docs.
README.Debian states what is special to debian.
Please avoid versioned (build-)dependencies when required version is
satisfied in all Debian distros releases where the package is available
at all.
Yep.
Feels odd to me that Node is explained at the end of long description. I
suggest to first introduce Node and afterwards go into more details.
Damn I did it like that for all other node-* packages.
Fixed here.
Are you sure it is necessary to set the bash-completion script
executable? Seems odd to me that the dh_bash-completion script wouldn't
take care of that if really needed.
Old error, fixed but needed a patch to remove shebang.
Please use either true upstream URL (at Github) or a Debian-maintained
redirection service to track and download upstream source (see node-xmpp
for an example, using githubredir.debian.net). The npmjs.org registry
is nice but less trustworthy.
Lot more work to do, but done, see git log (i hope i managed to get
something readable this time).
Repackaging of upstream source should be mentioned in Source paragraph
in debian/copyright. I recommend to also add a list of files/dirs
stripped in an unofficial Files-Excluded paragraph (I intend to propose
that as a future extension to DEP5 copyright file format, and also to
make use of it in CDBS at some point). See ghostscript packaging for an
example.
Seems nice, done.
Still copyright-format-1.0 since extra fields are allowed.
You should not rely on executable bit being properly set in sources. So
instead of executing ./configure I suggest to invoke bash ./configure.
Or even better: Ship a prepared npmrc in debian subdir to avoid the need
to execute upstream source during build (which is a slight security
risk).
Fixed.
I wonder why i even did it like that. Influenced by upstream, maybe :)
NB: Should i list added Build-Depends in changelog ?
Jérémy.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org