Procedure to review packaging for mentors
Get the package
- Usually sponsorship-requests (RFS) email tells how to get the package:
dget -x https://mentors.debian.net/debian/pool/main/x/yyy/yyy_zzz-1.dsc
Unless you have the sponsee's key (for example, they're in the DM keyring), you should replace the -x with -ux or dpkg-source will refuse to extract the source package.
- Consider asking the sponsee to put their package in a git repository. This makes things easier when you expect to do several rounds of review.
Check the license
There are a few automatic tools.
- debmake. It compares source tree and debian/copyright, then give you a report.
decopy. It generate a copyright file for reference. (not in stretch, can be installed from unstable https://packages.debian.org/sid/decopy)
decopy -o debian/copyright.tmp diff -u debian/copyright debian/copyright.tmp
- cme. It generate/overwrite debian/copyright.
cp debian/copyright debian/copyright.orig cme update dpkg-copyright -trace diff -u debian/copyright.orig debian/copyright
Please be also noted that as an unwritten exception to the rule, Debian packages where the copyright of the autoconf files is not documented in the Debian copyright file are routinely accepted by our archive administrators. 
Build the package
- You need to install build-dependencies first. Here's a way to remove easily afterwards.
# you need to have package equivs installed before running command below mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends"
- debuild or dpkg-buildpackage
debuild -us -uc - or - dpkg-buildpackage -us -uc
Auto Check Tools
- lintian (Note: Just verbose the output, but not all of them is must-fix)
lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto
Other things to check
- There're many other things to check. Here're the incomplete list:
Ideas to be added to this page
- add sbuild/pbuilder usage
- "dget -u" unpacks the source in case you already trust the person (but you didn't update the keyring)
- debdiff between versions (in case of update)
filterdiff debdiff -i "*debian*" > debdiff.filtered
- apt build-dep (dsc-file) to build-dependencies