[Debian-olpc-devel] ITP: bitfrost -- Python library for BIOS security on the OLPC XO laptop
Jonas Smedegaard
jonas at jones.dk
Sun Apr 25 13:14:24 UTC 2010
On Sat, Apr 24, 2010 at 11:31:49PM -0400, Luke Faraone wrote:
>On 04/24/2010 11:17 PM, Luke Faraone wrote:
>> * Package name : bitfrost
>> [..]
>> Bitfrost is the OLPC security platform. This package contains tools
>> to handle securing the early boot stages of the system running on the
>> XO laptop.
>
>Jonas: I've pushed the current packaging to
><http://git.debian.org/?p=collab-maint/bitfrost.git;a=summary>.
Great!
>CDBS decides that my package should depend on python-dev, yet my
>package does not require (as far as I can tell) anything provided by
>this package. This is also triggering a lintian warning:
>> W: bitfrost source: build-depends-on-python-dev-with-no-arch-any
>
>Am I missing something? Should the package be arch-any, or is there
>some way to omit the dependency?
No, you are on the right track :-)
Debian Python Policy states that Python modules should build-depend on
python-dev, but then adds that it may not be necessary in all cases
(read: only in some cases is this really needed).
CDBS is on the safe side, but if you feel certain that this particular
Python module builds fine without python-dev, then you can override by
(un)setting CDBS_BUILD_DEPENDS_class_python-distutils.
Please declare that variable _below_ included CDBS snippets - leaving
only variables above which must be declared early (yes, this is an odd
detail in CDBS which needs proper documentation, but that's off topic).
Another issue that I noticed: The git has prinstine-tar branch enabled
in debian/gbp.conf (good!) but lacks an actual branch (not good). You
probably imported the tarball before adding the config file, and without
explicitly declaring --pristine-tar. I suggest you re-import same
tarball on top of the current one, to include the pristine-tar branch.
Another one: debian/copyright contains GPL and LPGL licenses, but lack
the related disclaimer and reference to FSF. I used to do the same in
the past, but have since learned that even if not strictly part of
"copyright and licensing", the disclaimer is in a broader sense part of
the legal text, so should be included. Similar for the reference to
FSF, but here there's the odd situation that FSF have moved physically
so the "verbatim copy" may be outdated and lintian (and the Debian legal
team) will want the address to be adjusted. I recommend to a) include
the disclaimers right below the licensing text, and add the most modern
reference to FSF website (even if that text is newer than used in any of
the actual files of this project) and add it below the Debian comment on
where to find the full license (so as to indicate that it was not copied
verbatim but added by us).
Other than those minor issues, your packaging looks fine :-)
Kind regards,
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/debian-olpc-devel/attachments/20100425/76e2261f/attachment.pgp>
More information about the Debian-olpc-devel
mailing list