[Pkg-mozext-maintainers] Bug#591579: RFP: https-everywhere -- browser extension to enforce SSL browsing according to rules

Wed Aug 10 00:07:10 UTC 2011

tag 591579 + pending
owner 591579 Rogério Brito <rbrito at ime.usp.br>
kthxbye

Hi Rogério,

Rogério Brito wrote:
> I don't know if my previous e-mail got through,

Well, at least now it got through, but I look in my pkg-moz* inbox
just occassionally, so your hint to my personal address was a good
idea. :-)

Rogério Brito wrote:
> > Oh, ok. Jérémy told me on IRC, he hasan't received a reply. Well,
> > anyway, we're on the right way again, now. :-)
> 
> I think that I got why: I am not subscribed to the pkg-mozext-maintainers
> list and both of my previous mails were held up for moderation (and it is
> likely that this one will also be barred from entering the mailing list
> archives).

Ah. :-)

> [...] I already tagged this bug as being mine and pending an upload.

Hmmm, didn't see anything of this. Did it now via this e-mail by
cc'ing control at bugs.d.o.

> For the moment, the sources are here:
> 
>     http://anonscm.debian.org/gitweb/?p=collab-maint/https-everywhere.git

As upstream does primarily offer the .xpi, I would be happy if you
could use git-builpackage together with pristine-tar, so we can store
the .orig.tar.bz2 you use also in the git repo.

For the sponsoring itself, I'd like to have an URL to a .dsc file, though.

> > > OK, great to have some improvements already to the released version.
> > 
> > I think that patch even is suitable for proposing it to upstream.
> 
> Hummm, I just checked and your patch doesn't apply. And the reason why it
> doesn't apply is that upstream has already included support for conqueror.

Now that's cool! Thanks for the hint!

> > Please ping me when you have 1.0 package ready for review/sponsoring
> > or if you have questions.
> 
> It is up for review (not in "dget" form, but in "git-buildpackage" form).

To build the source package from git, I need either the pristine-tar
branch or the .orig.tar.gz, too. For now I used uscan to get a
repacked xpi, but the resulting .orig.tar.bz2 will surely differ from
yours, at least in time stamps, so the hashsums will diff. But as I
got an .orig.tar.gz via uscan, it's not urgent and I could check most
of the package anyway.

About the package: I found no real issue just two minor things:

* It threw one lintian warning:

W: xul-ext-https-everywhere: extra-license-file usr/share/xul-ext/https-everywhere/LICENSE.txt
N: 
N:    All license information should be collected in the debian/copyright
N:    file. This usually makes it unnecessary for the package to install this
N:    information in other places as well.

* debian/copyright:

I'd expect at least one of the copyright years to be 2011 as the
release was this year. But then again, upstream did not update the
copyright years in LICENSE.txt either, so it should not bother too
many people. ;-)

Despite havig a watch file, I'd prefer if you could mention the
download page in addition to the upstream git repo in debian/copyright
as that's usually the first place to look for it. (If that's not
possible with DEP5 to have more than one upstream location mentioned
it's also fine as it is now.)

Anything else looks fine so far anyway. I'd even sponsor it without
the above things fixed, if I get a .dsc file. :-)

P.S.: I like the debian/README.source. :-)

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe at debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5