REJECT: campcaster

Jamie Strandboge jamie at canonical.com
Mon Feb 22 23:59:50 GMT 2010


After review of campcaster, it is being rejected for the following
reasons:

1. debian/copyright does not cover all of the different licenses. E.g.,
all of these files are technically GPL-3, because they point to
http://www.gnu.org/licenses/gpl.txt:
 src/modules/htmlUI/var/ui_scheduler.class.php: UNKNOWN
 src/modules/htmlUI/var/ui_playlist.class.php: UNKNOWN
 src/modules/htmlUI/var/ui_scratchpad.class.php: UNKNOWN
 src/modules/htmlUI/var/ui_handler.class.php: UNKNOWN

Please run licensecheck from ubuntu-dev-tools over the source to see any
other issues.

2. the pear source references all of these licenses:
 PHP (v2.0) 
 PHP (v2.02) 
 PHP (v3.0)

but debian/copyright only mentions PHP (v3.0). Additionally, according
to http://ftp-master.debian.org/REJECT-FAQ.html this license is
incompatible with the PEAR source (see PHP License). See
https://lists.debian.org/debian-legal/2005/08/msg00188.html for more
details. The version of pear embedded in campcaster appears to be 1.4.11
which may have security vulnerabilities in it. Can this package be
adjusted to use the system pear?

3. prerm does this, which is quite unusual:
    remove|upgrade|deconfigure)
        mkdir -p $vardir

        # remove generated files
        rm -rf $vardir/htmlUI/var/html/img/*
...

4. there is some stuff in postinst about mounting remote storage. This
doesn't seem safe at first glance. 

There is also a lot of automation going on with postgresql that may need
to be looked at more closely. I've stopped there for now.

-- 
Jamie Strandboge             | http://www.canonical.com