RFS: minidlna (updated package and FTBFS fix)
Dear mentors, I am looking for a sponsor for the new version 1.0.21+dfsg-1 of my package "minidlna". It builds this binary package: minidlna - lightweight DLNA/UPnP-AV server targeted at embedded systems The package is lintian clean, and has been tested to compile and run fine on amd64, armel and kfreebsd (although I could not try and compile it in a clean chroot on the latter because neither pbuilder nor cowbuilder is available on that platform). The package can be found on mentors.debian.net: - URL: http://mentors.debian.net/debian/pool/main/m/minidlna - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free - dget http://mentors.debian.net/debian/pool/main/m/minidlna/minidlna_1.0.21+dfsg-1.dsc Cheers, -- Benoît Knecht -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110722103651.ga32...@marvin.lan
Re: RFS: minidlna (updated package and FTBFS fix)
Salut Benoît, On Fri, Jul 22, 2011 at 12:36:51PM +0200, Benoît Knecht wrote: > I am looking for a sponsor for the new version 1.0.21+dfsg-1 of my > package "minidlna". > - dget > http://mentors.debian.net/debian/pool/main/m/minidlna/minidlna_1.0.21+dfsg-1.dsc 1. Your upoad uses a tarball that's not identical to upstream's one. Please consider adding a get-orig-tarball target to debian/rules to verify what steps are required to generate it. 2. The 1.0.20+dfsg-2 never made it into Debian. Changes generated accordingly. Please double check next time. 3. Your patches don't use DEP-3 headers. It would be nice to have them to see which of those have already been pushed upstream etc.. Anyway, built, signed, uploaded. Thanks! -- Best regards, Kilian signature.asc Description: Digital signature
Re: RFS: minidlna (updated package and FTBFS fix)
Hi, On Fri, Jul 22, 2011 at 11:16:54PM +0200, Kilian Krause wrote: > 1. Your upoad uses a tarball that's not identical to upstream's one. Please >consider adding a get-orig-tarball target to debian/rules to verify what >steps are required to generate it. ..that would be get-orig-source of course... -- Best regards, Kilian signature.asc Description: Digital signature
Re: RFS: minidlna (updated package and FTBFS fix)
2011/7/22 Kilian Krause : > On Fri, Jul 22, 2011 at 12:36:51PM +0200, Benoît Knecht wrote: >> I am looking for a sponsor for the new version 1.0.21+dfsg-1 of my >> package "minidlna". >> - dget >> http://mentors.debian.net/debian/pool/main/m/minidlna/minidlna_1.0.21+dfsg-1.dsc > > 1. Your upoad uses a tarball that's not identical to upstream's one. Please > consider adding a get-orig-tarball target to debian/rules to verify what > steps are required to generate it. Please take no offense, Benoît. But in such a case, Kilian, can you be sure the source hasn't been tampered with? I'd feel rather unconfortable otherwise. -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANVYNa-Jy6Fvvfn2k=yt6txkgz8d6-jhxwt_-+ednocckur...@mail.gmail.com
Re: RFS: minidlna (updated package and FTBFS fix)
Hi Kilian, Kilian Krause wrote: > Salut Benoît, > > On Fri, Jul 22, 2011 at 12:36:51PM +0200, Benoît Knecht wrote: > > I am looking for a sponsor for the new version 1.0.21+dfsg-1 of my > > package "minidlna". > > - dget > > http://mentors.debian.net/debian/pool/main/m/minidlna/minidlna_1.0.21+dfsg-1.dsc > > 1. Your upoad uses a tarball that's not identical to upstream's one. Please >consider adding a get-orig-tarball target to debian/rules to verify what >steps are required to generate it. Yes, that's what the +dfsg in the upstream version is all about; I've replaced the icons.c file, which contained binary blobs of possibly unfree images. I've included a script to generate it, but not a get-orig-source yet, as I'm not sure how to achieve the "this target may be invoked in any directory" part of the policy. Any advices welcome. > 2. The 1.0.20+dfsg-2 never made it into Debian. Changes generated >accordingly. Please double check next time. I'm not sure what you mean. I did some changes before 1.0.21 was released and checked them into git; the next version came before I had a chance to submit that one, so I added a new changelog entry and recorded further changes there. I actually prefer this to merging the changelog entries together, but maybe I should have tagged the previous version as UNRELEASED. > 3. Your patches don't use DEP-3 headers. It would be nice to have them to >see which of those have already been pushed upstream etc.. I'll consider it, but right now I'm using the format generated by git-format-patch, which I find quite convenient. > Anyway, built, signed, uploaded. Thanks a lot, for the upload and for the review. Cheers, -- Benoît Knecht -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110722233910.ga26...@marvin.lan
Re: RFS: minidlna (updated package and FTBFS fix)
Hi Fernando, Fernando Lemos wrote: > 2011/7/22 Kilian Krause : > > On Fri, Jul 22, 2011 at 12:36:51PM +0200, Benoît Knecht wrote: > >> I am looking for a sponsor for the new version 1.0.21+dfsg-1 of my > >> package "minidlna". > >> - dget > >> http://mentors.debian.net/debian/pool/main/m/minidlna/minidlna_1.0.21+dfsg-1.dsc > > > > 1. Your upoad uses a tarball that's not identical to upstream's one. Please > > consider adding a get-orig-tarball target to debian/rules to verify what > > steps are required to generate it. > > Please take no offense, Benoît. But in such a case, Kilian, can you be > sure the source hasn't been tampered with? I'd feel rather > unconfortable otherwise. I did "tamper" with the source, in the sense that I replaced the non-free icons.c file. This is documented in debian/copyright. I'm not sure what kind of tampering you're worried about, but you can easily check that no other file from upstream was modified. Cheers, -- Benoît Knecht -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110722234629.gb26...@marvin.lan
Re: RFS: minidlna (updated package and FTBFS fix)
2011/7/22 Benoît Knecht : > Hi Fernando, > > Fernando Lemos wrote: >> 2011/7/22 Kilian Krause : >> > On Fri, Jul 22, 2011 at 12:36:51PM +0200, Benoît Knecht wrote: >> >> I am looking for a sponsor for the new version 1.0.21+dfsg-1 of my >> >> package "minidlna". >> >> - dget >> >> http://mentors.debian.net/debian/pool/main/m/minidlna/minidlna_1.0.21+dfsg-1.dsc >> > >> > 1. Your upoad uses a tarball that's not identical to upstream's one. Please >> > consider adding a get-orig-tarball target to debian/rules to verify what >> > steps are required to generate it. >> >> Please take no offense, Benoît. But in such a case, Kilian, can you be >> sure the source hasn't been tampered with? I'd feel rather >> unconfortable otherwise. > > I did "tamper" with the source, in the sense that I replaced the > non-free icons.c file. This is documented in debian/copyright. I'm not > sure what kind of tampering you're worried about, but you can easily > check that no other file from upstream was modified. Again, no offense meant. I have no reason to believe anyone is acting in bad faith. Just to clarify, I find it concerning that we might be accepting source uploads that don't come straight from upstream and don't match what was released upstream. I'm relieved to hear that there is a way to ensure in your specific case that the source is the same as shipped upstream. I wish this was a requirement for new packages entering Debian. -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANVYNa_yUwOg58O5JjdF3Su75o3YNA4co48TkFK-=-h63+s...@mail.gmail.com
Re: RFS: minidlna (updated package and FTBFS fix)
Hi Benoît, On Sat, Jul 23, 2011 at 01:39:11AM +0200, Benoît Knecht wrote: > Kilian Krause wrote: > > > > On Fri, Jul 22, 2011 at 12:36:51PM +0200, Benoît Knecht wrote: > > > I am looking for a sponsor for the new version 1.0.21+dfsg-1 of my > > > package "minidlna". > > > - dget > > > http://mentors.debian.net/debian/pool/main/m/minidlna/minidlna_1.0.21+dfsg-1.dsc > > > > 1. Your upoad uses a tarball that's not identical to upstream's one. Please > >consider adding a get-orig-tarball target to debian/rules to verify what > >steps are required to generate it. > > Yes, that's what the +dfsg in the upstream version is all about; I've > replaced the icons.c file, which contained binary blobs of possibly > unfree images. I've included a script to generate it, but not a > get-orig-source yet, as I'm not sure how to achieve the "this target may > be invoked in any directory" part of the policy. Any advices welcome. I'd either put a "dh_testdir" check in place if you don't want to make sure you can pull in the new file with `dirname $0` or just use the latter to make sure you refrence the same directory your rules file is in and build the new tarball in /tmp and then move it to the current working directory as per Debian Policy. > > 2. The 1.0.20+dfsg-2 never made it into Debian. Changes generated > >accordingly. Please double check next time. > > I'm not sure what you mean. I did some changes before 1.0.21 was > released and checked them into git; the next version came before I had a > chance to submit that one, so I added a new changelog entry and recorded > further changes there. I actually prefer this to merging the changelog > entries together, but maybe I should have tagged the previous version as > UNRELEASED. Yes, that would have been better. You had put up a version on mentors.d.n which had a 1.0.20+dfsg-2 entry labelled as if it was uploaded to unstable yet the dak doesn't show any such version ever made it. Thus I've made it a cumulative upload with "dpkg-buildpackage -v1.0.20+dfsg-1" covering both entries as opposed to only the newest one which would be the default. > > 3. Your patches don't use DEP-3 headers. It would be nice to have them to > >see which of those have already been pushed upstream etc.. > > I'll consider it, but right now I'm using the format generated by > git-format-patch, which I find quite convenient. As said, there's nothing wrong with what you have. No offense intended. It was just a remark that there's DEP-3 out there and may come in handy but if you already use git-format-patch that's fine, too! -- Best regards, Kilian signature.asc Description: Digital signature
Modified tarballs [was: Re: RFS: minidlna (updated package and FTBFS fix)]
On Fri, Jul 22, 2011 at 09:03:07PM -0300, Fernando Lemos wrote: Hi, > Just to clarify, I find it concerning that we might be accepting > source uploads that don't come straight from upstream and don't match > what was released upstream. I'm relieved to hear that there is a way > to ensure in your specific case that the source is the same as shipped > upstream. I wish this was a requirement for new packages entering > Debian. We do it all the time. Just 'dpkg -l|grep dfsg' on your local system and you should find plenty of those modified source tarballs. What I, as an uploader, do in such cases is a diff between the upstream provided tarball and what's in the dfsg orig.tar.gz. You can get a rough overview with diffstat and then review suspicious additions in more detail. Sven -- And I don't know much, but I do know this: With a golden heart comes a rebel fist. [ Streetlight Manifesto - Here's To Life ] -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110723074614.GA2371@marvin
Re: Modified tarballs [was: Re: RFS: minidlna (updated package and FTBFS fix)]
On Sat, Jul 23, 2011 at 4:46 AM, Sven Hoexter wrote: > On Fri, Jul 22, 2011 at 09:03:07PM -0300, Fernando Lemos wrote: >> Just to clarify, I find it concerning that we might be accepting >> source uploads that don't come straight from upstream and don't match >> what was released upstream. I'm relieved to hear that there is a way >> to ensure in your specific case that the source is the same as shipped >> upstream. I wish this was a requirement for new packages entering >> Debian. > > We do it all the time. Just 'dpkg -l|grep dfsg' on your local system > and you should find plenty of those modified source tarballs. Yeah, I'm aware of those. > What I, as an uploader, do in such cases is a diff between the upstream > provided tarball and what's in the dfsg orig.tar.gz. You can get a > rough overview with diffstat and then review suspicious additions in > more detail. Thanks, that's what I expected to hear. -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/canvyna-rxxagbajqm8gywjiwyumicn1zh-pjgtl4u7re25f...@mail.gmail.com
Re: Modified tarballs [was: Re: RFS: minidlna (updated package and FTBFS fix)]
On Sat, Jul 23, 2011 at 9:46 AM, Sven Hoexter wrote: > We do it all the time. Just 'dpkg -l|grep dfsg' on your local system > and you should find plenty of those modified source tarballs. > > What I, as an uploader, do in such cases is a diff between the upstream > provided tarball and what's in the dfsg orig.tar.gz. You can get a > rough overview with diffstat and then review suspicious additions in > more detail. Best practice for modified tarballs is to write a debian/rules get-orig-source target that downloads the upstream tarball and removes anything that needs to be removed. IIRC this is documented either in policy or devref. -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caktje6f1mlrfda_ayqihxuytynwhdrjuae0vxui+fxyv_bd...@mail.gmail.com
