Reject: mythbuntu-bare
Jamie Strandboge
jamie at canonical.com
Fri Aug 19 18:50:42 UTC 2011
On Fri, 2011-08-19 at 13:36 -0500, Jamie Strandboge wrote:
> I'm sorry to inform you that this package is being rejecting for the
> following:
> * debian/copyright states that the sources are GPL v3, but
> console/public/cgi-bin/save_file.py (and others) are GPL2+. The
> top-level source also contains gpl-3.0.txt, which is somewhat confusing.
> Please review the sources and update accordingly
> * (optional) it is preferable that debian/copyright use DEP-5
> * (comment only) mythbuntu-bare-console.postinst assumes that the mythtv
> user exists. While it uses '|| true', you may want to review this user
> is guaranteed to exist (perhaps verify with the 'getent' call)
I forgot to mention:
* Your packaging using native Debian packaging, but it is not clear why.
I suggest you review the DebianMentorsFaq for why you may prefer to use
non-native packaging.
* I cannot find a proper upstream to verify the source package
integrity. Ieally the packaging will include a watch file that points to
a stable upstream URL (but this is often omitted with native packaging).
Alternatively, you could provide clear instructions on how to regenerate
the the tarball from pristine upstream sources (but this is hard to
automate with verification and not preferred). You might be interested
in the lp-project-upload command that Dustin Kirkland wrote. I have not
used it myself, but you might find it useful.
[1]http://wiki.debian.org/DebianMentorsFaq#What_is_the_difference_between_a_native_Debian_package_and_a_non-native_package.3F
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-archive/attachments/20110819/5a5c188d/attachment-0001.pgp>
More information about the ubuntu-archive
mailing list