REJECT: openerp6.1

Jamie Strandboge jamie at canonical.com
Sun Jul 8 15:36:28 UTC 2012


Hi,

I'm sorry to inform you that this package is being rejected for the
following:
 * debian/copyright is still not quite right. For one, it says that 
   various non-existent files are AGPL-3+ (ie, there are many
   references to 'bin/', but the 'bin/' directory does not exist).
   It seems like maybe this should be changed to 'openerp/', but
   even after doing that, there are still files that use the default
   GPL-3+ in copyright (eg, openerp/addons/mrp_subproduct/__init__.py). 
   Please use the licensecheck command and update debian/copyright 
   accordingly.
 * .msi and .dll binaries are distributed as part of the source package 
   and should be removed since they are not the preferred form of 
   modification as required by the GPL. This typically is done by 
   repacking the source tarball with -dfsg in the name
 * debian/openerp6.1-full.postinst sets the openerp database password in
   an insecure manner which allows other users to see it via /proc. 
   Both the 'psql' and the 'sed' command have this problem (the 'cat'
   that is used will be executed before the psql and sed commands and
   the password put in its place). I suggest using the PGPASSFILE 
   environment variable (http://wiki.postgresql.org/wiki/Pgpass) for
   psql (where PGPASSFILE is set to a tmpfile), and perhaps echo'ing 
   ('echo' is a shell builtin in dash) the password directly into
   /etc/openerp/openerp-server.conf and then use sed to clean it up. Eg:
     sed -i 's/^db_password\s*=.*//' /etc/openerp/openerp-server.conf
     echo "db_password = $pass" >> /etc/openerp/openerp-server.conf
 * debian/openerp6.1-full.postrm removes the openerp db user on package
   removal, which is not common. Normally users are removed on 'purge' 
   instead of 'remove' and often there is a debconf question to ask if
   the user should be removed when the package is purged  
 * openerp6.1-core_6.1+1-0ubuntu1_all.deb ships a hidden file 
   (.bzrignore)

After making these changes, please feel free to reupload.

-- 
Jamie Strandboge             | http://www.canonical.com
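
Added example (not part of the original message or of the openerp6.1 packaging): one way to apply the suggestion above in a maintainer script, keeping the password out of every process argument list by using shell builtins, a pipe and a temporary PGPASSFILE. The function names, host, port, database and role shown are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; make_pgpass and set_db_password are hypothetical helpers.

# Create a pgpass file only the caller can read and print its path.
# Arguments: host port database user password
make_pgpass() {
    f=$(mktemp) || return 1
    # libpq ignores a password file that group or others can access.
    chmod 600 "$f" || return 1
    # Fields are colon-separated, so '\' and ':' inside the password must
    # be escaped. printf is a builtin and sed reads the value on stdin,
    # so the password is never visible in /proc/<pid>/cmdline.
    esc=$(printf '%s' "$5" | sed 's/[\\:]/\\&/g')
    printf '%s:%s:%s:%s:%s\n' "$1" "$2" "$3" "$4" "$esc" > "$f"
    printf '%s\n' "$f"
}

# Replace the db_password line in a config file.
# Arguments: config-file password
set_db_password() {
    # sed only deletes the old line; its argument list holds no secret.
    sed -i '/^db_password[[:space:]]*=/d' "$1" || return 1
    # The new value is appended by a builtin, not by an external command.
    printf 'db_password = %s\n' "$2" >> "$1"
}

# Intended use in a postinst (assumed invocation, values are placeholders):
#   pgpass=$(make_pgpass localhost 5432 '*' openerp "$pass")
#   PGPASSFILE="$pgpass" psql -w -h localhost -U openerp -d postgres -c 'SELECT 1'
#   rm -f "$pgpass"
#   set_db_password /etc/openerp/openerp-server.conf "$pass"
```
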