Control: tags -1 +moreinfo

Havard,

Preamble...

Thank you for taking the time to prepare this package and your contribution
to the Debian project.

The review below is for assistance. This review is offered to help package
submitters to Debian mentors in order to improve their packages prior to
possible sponsorship into Debian. There is no obligation on behalf of the
submitter to make any alterations based upon information provided in the
review.

Review...

1. Build:

  * pbuilder [1]: Good
  * sbuild [2]: Good

2. Lintian [3]: Warning

W: libopenscap33: uses-dpkg-database-directly [usr/lib/x86_64-linux-gnu/libopenscap.so.33.0.0]
N: 
N:   The listed file or maintainer script appears to access the internal
N:   database(s) of dpkg.
N:   
N:   The entire dpkg database, its layout and files are an internal interface
N:   and no program or package should be accessing it, other than dpkg itself
N:   and the suite of dpkg tools.
N:   
N:   Whilst the files may be editable by an admin, that's a supported (but
N:   unrecommended) feature reserved for humans and not for automatic tools.
N: 
N:   Please refer to https://wiki.debian.org/DpkgConffileHandling for details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: files/contents

3. Licenses [4]: Issue

Some may be false positives, but a review is in order due to so many files
being flagged.

philwyett@ks-tarkin:~/Development/builder/debian/mentoring/openscap-1.4.0+dfsg$ lrc -t
: Versions: recon 1.14  check 3.3.9-1

Parsing Source Tree  ....
Reading copyright    ....
Running licensecheck ....

d/copyright     | licensecheck

                | BSD-2-clause     cmake/FindDBUS.cmake
                | LGPL-2.1+        compat/compat.h
                | LGPL-3+          compat/strptime.c
                | LGPL-2.1+        compat/strsep.c
                | LGPL-2.1         lgpl-2.1.rtf
                | LGPL-2           openscap.spec
LGPL-2.0+       | LGPL-2+          oscap_wrapper.in
                | LGPL-2+          run.in
W3C             | W3C~unknown      schemas/common/xmldsig-core-schema.xsd
                | W3C~unknown      schemas/oval/5.11.3/xmldsig-core-schema.xsd
LGPL-2.1+ and expat| Expat and/or LGPL-2.1+ schemas/sce/1.0/sce-result-schema.xsd
                | LGPL-2.1+        src/CPE/cpe_ctx_priv.c
                | public-domain    src/OVAL/probes/SEAP/MurmurHash3.c
                | LGPL-2.1+        src/OVAL/probes/SEAP/_seap-command.h
                | LGPL-2.1         tests/API/probes/test_memusage.c
                | LGPL-2.1+        tests/bz2/test_bz2_memory_source.c
                | GPL-2            tests/probes/rpm/foo.spec
                | LGPL-2.1+        tests/sce/script_tester.py
                | Perl             tests/xmldiff.pl
LGPL-2.0+       | LGPL-2+          utils/autotailor
                | LGPL-2.1+        utils/oscap-cpe.c
LGPL-2.0+       | LGPL-2+          utils/oscap-docker.in
                | LGPL-2.1+        utils/oscap-ds.c
LGPL-2.0+       | LGPL-2+          utils/oscap-podman
GPL-2+          | GPL-2            utils/oscap-remediate
LGPL-2.0+       | LGPL-2+          utils/oscap-ssh
                | LGPL-2.1+        utils/oscap-tool.c
LGPL-2.0+       | LGPL-2+          utils/oscap-vm
                | LGPL-2.1+        utils/oscap-xccdf.c
LGPL-2.0+       | LGPL-2+          utils/oscap_docker_python/__init__.py
                | LGPL-2.1+        utils/scap-as-rpm
                | BSD-3-clause     xsl/oval-results-report.xsl
                | LGPL-2.1         xsl/oval-to-xccdf.xsl
                | LGPL-2.1+        xsl/xccdf-branding.xsl
                | Expat            xsl/xccdf-resources.xsl
                | LGPL-2.1+        xsl/xccdf-share.xsl

4. Watch file [uscan --force-download]: Good

5. Build Twice [sudo pbuilder build --twice <package>.dsc]: Issue

 dpkg-source -b .
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building openscap using existing ./openscap_1.4.0+dfsg.orig.tar.xz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: warning: file openscap-1.4.0+dfsg/.pytest_cache/v/cache/nodeids has no final newline (either original or modified version)
dpkg-source: warning: file openscap-1.4.0+dfsg/.pytest_cache/v/cache/stepwise has no final newline (either original or modified version)
dpkg-source: info: local changes detected, the modified files are:
 openscap-1.4.0+dfsg/.pytest_cache/CACHEDIR.TAG
 openscap-1.4.0+dfsg/.pytest_cache/README.md
 openscap-1.4.0+dfsg/.pytest_cache/v/cache/nodeids
 openscap-1.4.0+dfsg/.pytest_cache/v/cache/stepwise
dpkg-source: info: Hint: make sure the version in debian/changelog matches the unpacked source tree
dpkg-source: info: you can integrate the local changes with dpkg-source --commit
dpkg-source: error: aborting due to unexpected upstream changes, see /tmp/openscap_1.4.0+dfsg-1.diff.Oq6MvY
dpkg-buildpackage: error: dpkg-source -b . subprocess returned exit status 2
I: copying local configuration
E: Failed autobuilding of package
I: unmounting dev/ptmx filesystem
I: unmounting dev/pts filesystem
I: unmounting dev/shm filesystem
I: unmounting proc filesystem
I: unmounting sys filesystem
I: cleaning the build env 
I: removing directory /var/cache/pbuilder/build/226793 and its subdirectories

6. Reproducible builds [5]: Good

7. Install [No previous installs]: Good

8. Upgrade [Over previous installs if any]: Good

Additional...

A. It would be good to add an upstream contact to 'debian/copyright' if there
is one or more.

Summary...

I believe openscap is not yet ready for sponsorship at this time. Could the
contributor rectify one or more of the raised issues? Once updated to your
satisfaction and a new upload done, please remove the 'moreinfo' tag on the
Request For Sponsorship (RFS) bug report.

Regards

Phil

[1] pbuilder:

  * Command: sudo pbuilder build <PACKAGE>.dsc
  * Document: https://wiki.ubuntu.com/PbuilderHowto
  * Document: https://wiki.debian.org/PbuilderTricks

[2] sbuild:

  * Command: sbuild <PACKAGE>.dsc
  * Document: https://wiki.kathenas.org/pmwiki.php/Kathenas/Article00000002
  * Document: https://wiki.debian.org/sbuild

[3] lintian:

  * Command: lintian -v -i -I -E --pedantic --profile debian (*.dsc, *.changes, *.buildinfo). Each can throw up different results, so be thorough.
  * Document: https://wiki.debian.org/Lintian

[4] lrc:

  * Command: lrc -t
  * Document: https://wiki.debian.org/CopyrightReviewTools#licenserecon

[5] reprotest:

  * Command: sudo reprotest --vary=-build_path,domain_host.use_sudo=1 --auto-build <PACKAGE>.dsc -- schroot unstable-amd64-sbuild
  * Document: https://wiki.kathenas.org/pmwiki.php/Kathenas/Article00000004
  * Document: https://wiki.debian.org/ReproducibleBuilds/
  * Document: https://wiki.debian.org/ReproducibleBuilds/Howto#Newer_method

-- 

"I play the game for the game’s own sake"

Arthur Conan Doyle - The Adventure of the Bruce-Partington Plans
