[Pkg-javascript-devel] RFS: node-dompurify
Yadd
yadd at debian.org
Fri Nov 5 12:05:40 GMT 2021
On 05/11/2021 at 12:57, Yadd wrote:
> On 05/11/2021 at 12:22, Caleb O.A. wrote:
>> Hi there,
>>
>> I just updated the node-dompurify package from 2.3.0 to 2.3.3. I would
>> like you to confirm if it's safe for sponsorship and uploading
>> https://salsa.debian.org/calebpitan/node-dompurify
>>
>> Thank you!
>>
>> Caleb Adepitan.
>>
>> (Outreachy Internship Applicant)
>
> Hi,
>
> done with changes. Detailed explanations:
>
> * `lintian-brush` tool automatically fixes some little things. It's a
>   good practice to launch it. Here:
>   * trailing whitespace
>   * some debian/upstream/metadata fixes
>
> * `lintian` can display more things with the --info option. I added some
>   missing unimportant overrides (see my changes)
>
> * dependency on nodejs is bad (Multi-Arch). Two solutions:
>   + if there is a node script (bin/foo.js), replace it by "nodejs:any"
>   + else prefer to drop this dependency: there are some other JS
>     engines
>   Note that if you drop nodejs but it is required, lintian will show
>   it with an error. So you can safely drop it and wait for lintian to
>   see if it was required, if so, use "nodejs:any"
>
> * always take a look at tracker.debian.org, you will see:
>   * if there is a bug to fix
>   * if Multi-Arch reports a problem
>
> * `cme check dpkg` command shows some other problems:
>   + debian/copyright didn't follow
>     https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
>     (bad license entry)
>   + [Pedantic, really not required] patch didn't follow format provided
>     by `dpkg-source --commit`. It can be useful for other team members
>     to know
>     + if the patch has been submitted to upstream, if yes where
>     + if the patch refers to a known bug (upstream and/or Debian and/or
>       Ubuntu)
>     + if the patch comes (or is inspired) from upstream or another
>       source, if yes set the link
>     + who is the author
>     + who reviewed it (used when patch is changed later by another team
>       member,...)
>     When you submit a patch to fix a security issue, it is really useful
>     to use this format
>
> * `duck` tool can show some other problems (upstream dead,...)
>
> * `debcheck-nodejs` shows if there is a difference between npmjs.com
>   and source given to debian/watch. Don't apply its recommendations
>   without analysis (sometimes, just report to upstream that there is
>   a missing tag,...)
Sorry, command is `debcheck-node-repo` (provided by pkg-js-tools)
> * other:
>   + prefer to use "dh-sequence-nodejs" instead of "pkg-js-tools +
>     dh --with nodejs"
>   + I fixed debian/watch because next version of uscan will raise an
>     error when filenamemangle failed (don't worry with that for now)
>
> Thanks for your contribution!
>
> Cheers,
> Yadd
>
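
As an added illustration (not part of the original message, and not a tool from dpkg or pkg-js-tools), this Python example checks a patch header for the points listed above. It assumes the header uses the DEP-3 field names that the `dpkg-source --commit` template follows; `parse_header`, `has`, `review` and the sample patch are hypothetical names and constructed data.

```python
import re
# DEP-3 fields that answer each question listed in the message above.
QUESTIONS = {
    "submitted upstream": ("forwarded", "applied-upstream"),
    "known bug": ("bug",),  # prefix also covers Bug-Debian, Bug-Ubuntu
    "origin": ("origin",),
    "author": ("author", "from"),
    "reviewer": ("reviewed-by", "acked-by"),
}
# DEP-3 requires a description, and an Origin unless an Author is given.
REQUIRED = {
    "Description/Subject": ("description", "subject"),
    "Origin (or Author)": ("origin", "author", "from"),
}
FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")
HEADER_END = re.compile(r"^(---( |$)|\+\+\+ |diff |Index: )")
# Constructed sample, not a real patch from the package.
SAMPLE = """\
Description: Constructed sample header
 Longer explanation on a continuation line.
Author: Jane Doe <jane@example.org>
Forwarded: no
---
Reviewed-By: <template text after the separator is not parsed>
"""

def parse_header(patch_text):
    """Return {lowercased field: value} for the lines before the diff."""
    fields, last = {}, None
    for line in patch_text.splitlines():
        if HEADER_END.match(line):
            break
        m = FIELD.match(line)
        if m:
            last = m.group(1).lower()
            fields[last] = m.group(2).strip()
        elif last and line.startswith(" "):
            fields[last] += "\n" + line.strip()  # continuation line
        else:
            last = None
    return fields
def has(fields, names):
    return any(k == n or k.startswith(n + "-") for k in fields for n in names)

def review(patch_text):
    """Return (errors, unanswered) for one patch file's text."""
    f = parse_header(patch_text)
    errors = ["missing " + label for label, n in REQUIRED.items() if not has(f, n)]
    return errors, [q for q, n in QUESTIONS.items() if not has(f, n)]
```

For the constructed sample, `review(SAMPLE)` reports no errors and leaves the bug, origin and reviewer questions open, because everything after the `---` separator is template text rather than header.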