[Python-modules-team] RFS: pcapy/0.11.3-1 [ITA]

Sergio Durigan Junior sergiodj at debian.org
Mon Aug 20 01:31:38 BST 2018 

On Saturday, August 11 2018, eamanu wrote:

> Hello Sergio!
>
> Thanks for your comments!

No problem, and sorry for the delay.

> 1) On d/copyright, the license specified for the project is wrong.
>> According to the LICENSE file, the project is released under a slightly
>> modified version of the Apache license.  This is something really
>> important to get right, otherwise the ftp-masters will certainly reject
>> the package.  You listed the license as being "GPL-2", but the text is
>> clearly not GPL-2.
>>
>> Ohh!!! Sorry I saw the old d/copyright file to do this.

No problem.  However, the "License:" still doesn't reflect the license
of the software.  According to LICENSE:

  We provide this software under a slightly modified version of the
  Apache Software License. The only changes to the document were the
  replacement of "Apache" with "Pcapy" and "Apache Software Foundation"
  with "CORE Security Technologies". Feel free to compare the resulting
  document to the official Apache license.

  The `Apache Software License' is an Open Source Initiative Approved
  License.

Therefore, I think a better value for the field would be:

  License: Apache with Pcapy modifications

Also, please remove the "All rights reserved." text here:

  Copyright (C) 2003-2011 CORE Security Technologies <oss at coresecurity.com>. 
   All rights reserved.

Oh, and please fix the years.  Nowhere in the code I see "2003-2011".
Doing a basic grep, I see that the year should be 2014.

> 2) Still on d/copyright: as said above, the GPL-2 license is wrong.
>> However, I think it's also important to mention that the license text is
>> formatted in a strange/wrong manner.  You have text like this:
>>
>>  [...]
>>  Redistribution and use in source  and binary forms, with or without
>>    modification, are permitted  provided that the following conditions
>>    are met:
>>
>>        1. Redistributions  of  source   code  must  retain  the  above
>>  [...]
>>
>> The correct format for d/copyright is to indent the text using 1 space,
>> and to use . (dot) for blank lines.  Like this:
>>
>>  [...]
>>  Redistribution and use in source  and binary forms, with or without
>>  modification, are permitted  provided that the following conditions
>>  are met:
>>  .
>>  1. Redistributions  of  source   code  must  retain  the  above
>>  [...]
>>
>
>
> Ready!

Thanks.

I see that the contributions under the debian/ directory are released
under GPL-3+.  That's absolutely fine (I am a GPL advocate as well).
However, I must warn you that the Debian patches will also be released
under this license, which may be problematic if/when you decide to
upstream them.  But I understand this is the current situation anyway.
You may want to try to contact Arnaud Fontaine and ask him if he's OK
with changing the license to Apache in the future.

>>
>> 3) The package uses a *really* old version of debhelper (version 5!).
>> We're at version 11 already, so you should update both d/compat and
>> d/control (i.e., depend on debhelp >= 11) to reflect that.
>>
>
> Ready!

Thanks.

>>
>> 4) You haven't addressed my comment about building a Python 3 package.
>> IMO you should really do that; lintian will warn you if you don't.
>>
>
> Yes, I forgot do that! Sorry!

Thanks, but what you did is incomplete.  In order to create a new
package, you have to create an entry for it on d/control.  What you did
(add ${python3:Depends} to python-pcapy's Depends) is wrong because
you're basically pulling Python 3 dependencies for a Python 2 package.
Please have a look at other packages under them DPMT and check their
d/control; you will find many examples of how to create Python 3
packages.

>>
>> 5) You haven't answered my question about why the package has "Suggests:
>> doc-base".  It seems to be a relic from this very old debhelper; I think
>> you can safely remove it.
>>
>
> Yes, I remove it. Since I do not have much knowledge about doc-base and why
> it is there, I left it. But now is removed.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/python-modules-team/attachments/20180819/5c9d184e/attachment.sig>

More information about the Python-modules-team mailing list