reducing pkg PRs

["Jeremy C. Reed" <reed%reedmedia.net@localhost>]

I am guessing at least half of our pkg PRs are for problems that could 
be detected by setting PKG_DEVELOPER=yes and also using pkglint.

It would be good to have a short list to follow before committing a 
change or update or new package to pkgsrc. Here is a start:

Use PKG_DEVELOPER=yes.  This does sanity checks including:

- compares installed files against PLIST

- checks binaries will find their libraries

- make sure installed scripts can find their #! interpreter

- makes sure installed files don't reference pkgsrc work directory.

- check for sensible permissions for installed files and directories

- checks the C and C++ header files for possible problems

- check for shell script portability (like test == and $RANDOM)

- checks that the package doesn't install files to $HOME

Be sure to not disable CHECK_FILES, CHECK_INTERPRETER, CHECK_SHLIBS, and 
CHECK_WRKREF (do not set to "no").

So my questions/comment:

The pkgsrc guide says PKG_DEVELOPER does:
- make sure patches apply with zero fuzz
but that is always done by default regardless of PKG_DEVELOPER as far as 
I see (as long as patch -v works).

Also note that MASTER_SORT_RANDOM and PKGSRC_SHOW_PATCH_ERRORMSG will 
default to "no" when PKG_DEVELOPER is "yes"? Does anything in pkgsrc 
even use PKGSRC_SHOW_PATCH_ERRORMSG -- I don't see it.

What about CHECK_FILES_STRICT ?

Should CHECK_WRKREF default have more features?

Should vulnerability database be updated?

Anything to also add to the list of suggestions for improving packages 
before commit to cvs?