Hi Markus, > I suggest we wait a little for a response from > non-f...@buildd.debian.org before we make another upload. However if > there is no response in two weeks, we can just proceed by making a > binary upload of runescape.
Perfect, I will be waiting and I hope it is a positive answer. ;) > Bug #956275 can be resolved by replacing the runescape.png icon. The > license is most likely not BSD-2-clause. You should either document the > correct license, the image must be distributable at least, or you can > create or find your own icon. For instance you could create an image the > same size with a black, red or blue background and then you add the R S > initials in white. Simple icon, easily done. Removed icon that does not belong to the BSD-2-clause license and created the icon itself in SVG and PNG formats using the Inkscape software.[1] [1] https://gitlab.com/coringao/runescape/-/blob/master/src/runescape.png > Bug #956276 is about an additional verification step, e.g. to verify the > integrity of the launcher with a hashsum. You could store the value in a > text file in our Git repository and then fetch the value and compare it > with the hashsum of the binary before you run the java command. By > storing the value in Git we can adjust the value whenever there is a new > runescape update without having to make another Debian upload. This > could be especially useful for stable releases. In any case I would try > to avoid to hardcode the value. > > I don't consider bug #956276 release critical because there is no Debian > Policy justification for it and there is no more risk involved than > downloading the file with a web browser normally poses, so it should be > treated as a normal or important bug. What you can and should do is to > improve the package description. It should be clear that src:runescape > is a mere script that downloads and runs the runescape launcher and that > Debian cannot guarantee the integrity of this binary file because it is > non-free and it is closed source. So simply warn about that in the > package description and when your script is executed. The warning > message could be displayed in a text terminal or you could use zenity to > make it more user friendly and obvious. Added verification of the downloaded file against a hash in good condition. I thank Stephen Kitt for helping me. :D I added a friendly warning when running the launcher via kdialog or zenity.[2] [2] https://gitlab.com/coringao/runescape/-/blob/master/src/runescape.sh Once approved by non-f...@buildd.debian.org, I will update the package to version 0.8, where I will add this warning to the long description of "debian/control" and depends: kdialog | zenity. See you later! -- ⢀⣴⠾⠻⢶⣦⠀ Carlos Donizete Froes [a.k.a coringao] ⣾⠁⢠⠒⠀⣿⡁ Debian Wiki: https://wiki.debian.org/coringao ⢿⡄⠘⠷⠚⠋⠀ GPG: 4096R/B638B780 ⠈⠳⣄⠀⠀⠀ 2157 630B D441 A775 BEFF D35F FA63 ADA6 B638 B780
signature.asc
Description: This is a digitally signed message part
