REJECT: openerp6.1
Jamie Strandboge
jamie at canonical.com
Sun Jul 8 15:36:28 UTC 2012
Hi,
I'm sorry to inform you that this package is being rejected for the
following:
* debian/copyright is still not quite right. For one, it says that
various non-existent files are AGPL-3+ (ie, there are many
references to 'bin/', but the 'bin/' directory does not exist).
It seems like maybe this should be changed to 'openerp/', but
even after doing that, there are still files that use the default
GPL-3+ in copyright (eg, openerp/addons/mrp_subproduct/__init__.py).
Please use the licensecheck command and update debian/copyright
accordingly.
* .msi and .dll binaries are distributed as part of the source package
and should be removed since they are not the preferred form of
modification as required by the GPL. This typically is done by
repacking the source tarball with -dfsg in the name
* debian/openerp6.1-full.postinst sets the openerp database password in
an insecure manner which allows other users to see it via /proc.
Both the 'psql' and the 'sed' command have this problem (the 'cat'
that is used will be executed before the psql and sed commands and
the password put in its place). I suggest using the PGPASSFILE
environment variable (http://wiki.postgresql.org/wiki/Pgpass) for
psql (where PGPASSFILE is set to a tmpfile), and perhaps echo'ing
('echo' is a shell builtin in dash) the password directly into
/etc/openerp/openerp-server.conf and then use sed to clean it up. Eg:
    sed -i 's/^db_password\s*=.*//' /etc/openerp/openerp-server.conf
    echo "db_password = $pass" >> /etc/openerp/openerp-server.conf
* debian/openerp6.1-full.postrm removes the openerp db user on package
removal, which is not common. Normally users are removed on 'purge'
instead of 'remove' and often there is a debconf question to ask if
the user should be removed when the package is purged
* openerp6.1-core_6.1+1-0ubuntu1_all.deb ships a hidden file
(.bzrignore)
After making these changes, please feel free to reupload.
--
Jamie Strandboge | http://www.canonical.com
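
The PGPASSFILE and builtin-write approach suggested in the message above, as an added shell example that is not part of the original e-mail or of the openerp6.1 packaging. The function names and the demo values are constructed, and GNU sed (for -i) is assumed.

```shell
#!/bin/sh
# Added example, not code from the openerp6.1 package. Function names and
# the demo values at the bottom are constructed.

# Escape ':' and '\' as the pgpass format requires. The value reaches sed
# on stdin; printf is a shell builtin, so no process carries it in argv
# (which other users could read through /proc/<pid>/cmdline).
pgpass_escape() {
    printf '%s' "$1" | sed 's/[\\:]/\\&/g'
}

# Write a one-line pgpass file (mode 0600) and print its path.
# Only the password field is escaped; the other fields may be '*'.
make_pgpass() {  # host port database user password
    (
        umask 077
        f=$(mktemp) || exit 1
        printf '%s:%s:%s:%s:%s\n' "$1" "$2" "$3" "$4" \
            "$(pgpass_escape "$5")" > "$f"
        printf '%s\n' "$f"
    )
}

# Run psql with the password supplied through PGPASSFILE, never argv.
psql_with_pgpass() {  # password, then the usual psql arguments
    pw=$1; shift
    PGPASSFILE=$(make_pgpass '*' '*' '*' '*' "$pw") || return 1
    export PGPASSFILE
    psql --no-password "$@"; rc=$?
    rm -f "$PGPASSFILE"; unset PGPASSFILE
    return "$rc"
}

# Replace the db_password line of a config file. sed's argv holds only
# the key name; the secret is appended by the printf builtin.
set_db_password() {  # conf_file password
    sed -i '/^db_password[[:space:]]*=/d' "$1" || return 1
    printf 'db_password = %s\n' "$2" >> "$1"
}

# Demo on a scratch file with a constructed password.
demo_conf=$(mktemp)
printf '[options]\ndb_password = False\n' > "$demo_conf"
set_db_password "$demo_conf" 'S3:cr\et'
cat "$demo_conf"
rm -f "$demo_conf"
```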