[pkg] brutespray - review
Lukas Schwaighofer
lukas at schwaighofer.name
Fri Jul 7 17:26:45 UTC 2017
Hi Stéphane,
I just had a look at brutespray:
* it only seem to be useful in combination with medusa, yet you neither
depend nor recommend (or even suggest) it in d/control
* the package just contains one python script and no python module
- I think that means you don't need to add a setup.py and use pybuild
- instead you would have to patch the shebang line, however, to
conform to the python policy
- I don't know what's better though…
* the man page generated by ronn in d/rules should be cleaned up again
(add to d/clean, similar to curvedns)
* d/control
- XS-Python-Version is obsolete [1]
- Standards version is now 4.0.0
- as it is a python script, I expect it should be declared an
architecture independent package by using Architecture: all
- Build-Depends / Depends:
. why do you need lsb-base?
. drop the >=2.7 for python, everything is 2.7 now
. if you keep using pybuild and dh_python2, you should follow the
instructions from dh_python2 man page and add ${python:Depends} to
Depends (instead of python); if you don't use it some build
depends can be dropped…
- Vcs-* fields should point to alioth and not your github repo
* pristine tar branch is missing
* your d/watch file is wrong: when I run `uscan -v -dd` I see that
the deduced version according to your regular expression is "5"
instead of "1.5". If you need help fixing that let me know.
* the brutespray-1.5 tag in the git repository on alioth is wrong
(different from upstream). You should really try to avoid making that
mistake because, while you can correct it on alioth, anyone who has
already cloned the repsitory (like me) will have to manually remove
the tag and pull again after you fixed it… so always double-check
your tags.
As a final Note: I have no idea if this <400 LOC script warrants its own
Debian package at all… maybe you should ask for advise on that before
we put too much effort into the package.
Regards
Lukas
[1] https://www.debian.org/doc/packaging-manuals/python-policy/ch-module_packages.html#s-specifying_versions
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20170707/375759f7/attachment.sig>
More information about the Pkg-security-team
mailing list