Please review my package

IOhannes m zmoelnig zmoelnig at iem.at
Thu Jul 5 09:52:26 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2012-07-05 10:47, wbrana wrote:
> Hello, I have created package for qemplayer

great that you want to contribute.


> http://mentors.debian.net/package/qemplayer

no real review (and i'm no DD, so i cannot upload anyhow) but a few
remarks (without even attempting to build the package):

- - you have "Debian Multimedia Maintainers" set as the maintainer.
p-m-m has a few rules, on how packaging is done.

e.g., all the pacakging in a git repository hosted at git.debian.org
(you need to become team member, if you want to use that infrastructure)

before submitting packages to d-m-m you should definitely read the
team's packaging guidelines [1].


- - the version is "12.5-1.1", indicating a non-maintainer upload (which
you also state in the changelog).
even though you are not an official "Debian Maintainer", you (or d-m-m
as a team) is "the maintainer" of the package. you, personally, will
never do a non-maintainer upload (or rather: you will no _exactly_
what "non-maintainer upload" means long before you will do one)

- - the long description of the binary-package is weirdly formatted and
rather short.

- - please use a machine-parseable debian/copyright, using DEP-5 [2] format

- - why are you setting setuid permissions in the postinst script?
this is a security hazard (and if you do it to gain realtime
priviliges, then it is no-longer needed and deprecated for a while, in
favour of pam_limits)

- - try to make your package lintian clean, by providing manpages,
building with fortification flags and removing .sh suffix in /usr/bin.

- - any specific reason why you build your own debian/rules file in
stead of using shortform dh or cdbs?


fgmasdr
IOhannes


[1] http://wiki.debian.org/DebianMultimedia/DevelopPackaging
[2] http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/1Y9QACgkQkX2Xpv6ydvTBygCfVBOuEXxyS/3jQXztWKU/5hgW
DZUAoNVBQNBCHcnYdWuzK7rgNfv92ij+
=9I0y
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2320 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20120705/e88c7903/attachment.bin>

More information about the pkg-multimedia-maintainers mailing list