Hi Roland,
On 2025-03-18 16:52:22, Roland Gruber wrote:
please feel free to upload it. My current sponsor might not be able to
upload it in time:
https://www.ldap-account-manager.org/static/debian-packages/
thanks for your prompt reply. I reviewed your work and have the
following comments/questions:
1. The tarball which is available on
https://www.ldap-account-manager.org/static/debian-packages/ldap-account-manager_9.1.orig.tar.bz2
(sha256sum:
e696226bf1ef11a354712c17635e044cf47f094cbdc2fc06d93a4ee53f532b0f)
differs from the tarball which is available from the URL specified in
the watch file or which is available on Github (sha256sum:
9400e2ab3856c0e6b0a3a55cdf2421613336f5fda0dc098d9b3a789a8f4e1440).
What is the reason for that?
2. The copyright documentation in debian/copyright needs more work. Just
by quickly skimming the files I found the following copyright owners
which are not mentioned:
lib/modules/inetOrgPerson.inc:
Copyright (C) 2003 - 2006 Tilo Lutz
lib/modules/posixGroup.inc:
Copyright (C) 2003 - 2006 Tilo Lutz
templates/delete.php:
Copyright (C) 2003 - 2006 Tilo Lutz
lib/schema.inc:
Copyright (C) 2004 David Smith
templates/pdfedit/pdfmain.php:
Copyright (C) 2003 - 2006 Michael Duergner
templates/pdfedit/pdfpage.php:
Copyright (C) 2003 - 2006 Michael Duergner
templates/help.php:
Copyright (C) 2003 - 2006 Michael Duergner
style/500_layout.css:
Copyright (C) 2003 Leonhard Walchshaeusl
There might be even more.
The debian/copyright file also refers to non-existent files, e. g.
lib/3rdParty/composer/duo
style/600_flatpickr.css
templates/lib/cropper*.js
On the other hand there are existing files whose copyright/license is
undocumented, e. g.
templates/lib/410_cropper-1.6.2.js
I also found copyright years in debian/copyright to be incomplete and/or
outdated.
So I think the package needs a full review of its debian/copyright file
to make sure its data match the copyright/license statements in the
individual files.
One might also use this opportunity to switch to a machine-readable
debian/copyright file as documented on [0].
3. You might add a Closes statement to the debian/changelog file for
this wishlist bug such that the Debian archive maintenance software
automatically closes it on upload and adds some useful metadata to the bug.
4. Just to satisfy my curiosity: You handle quite some links in
maintainer scripts. Wouldn't it be easier to add a
debian/ldap-account-manager.links file and let dh_link handle them? Or
do I miss something which prevents you from doing it?
5. Do you maintain the Debian ldap-account-manager package without
version control system on purpose, e. g. because you or your usual
sponsor do not like it? Or is this just because nobody bothered to set
up a repository so far (e. g. on salsa)? In my opinion reviewing
packages is easier and less time-consuming if the code is under version
control, in particular if the review process involves multiple revision
steps.
Best regards
Peter
[0] https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
