Path: csiph.com!weretis.net!feeder8.news.weretis.net!fu-berlin.de!news.servidellagleba.it!bofh.it!news.nic.it!robomod From: Scott Kitterman Newsgroups: linux.debian.maint.python,linux.debian.bugs.dist Subject: Re: pdm: Please replace python3-pep517 with python3-pyproject-hooks in Depends/Build-Depends Date: Fri, 18 Aug 2023 16:30:01 +0200 Message-ID: References: X-Original-To: debian-python@lists.debian.org X-Mailbox-Line: From debian-python-request@lists.debian.org Fri Aug 18 14:24:38 2023 Old-Return-Path: X-Amavis-Spam-Status: No, score=-14.4 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FOURLA=0.1, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no X-Policyd-Weight: using cached result; rate: -5.5 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2980767.dU5vZ182Wg"; micalg="pgp-sha512"; protocol="application/pgp-signature" X-Mailing-List: archive/latest/21058 List-ID: List-URL: List-Archive: https://lists.debian.org/msgid-search/4186226.453kjVolto@localhost Approved: robomod@news.nic.it Lines: 109 Organization: linux.* mail to news gateway Sender: robomod@news.nic.it X-Original-Cc: 1043002@bugs.debian.org X-Original-Date: Fri, 18 Aug 2023 10:23:38 -0400 X-Original-Message-ID: <4186226.453kjVolto@localhost> X-Original-References: Xref: csiph.com linux.debian.maint.python:15133 linux.debian.bugs.dist:1164598 --nextPart2980767.dU5vZ182Wg Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii"; protected-headers="v1" From: Scott Kitterman To: debian-python@lists.debian.org Cc: 1043002@bugs.debian.org Subject: Re: pdm: Please replace python3-pep517 with python3-pyproject-hooks in Depends/Build-Depends Date: Fri, 18 Aug 2023 10:23:38 -0400 Message-ID: <4186226.453kjVolto@localhost> In-Reply-To: References: On Friday, August 18, 2023 9:33:48 AM EDT Andreas Tille wrote: > Hi Scott, > > Am Fri, Aug 18, 2023 at 01:15:18PM +0000 schrieb Scott Kitterman: > > On August 18, 2023 1:04:26 PM UTC, Andreas Tille wrote: > > >> In Debian terms, it's not the preferred form for modification, so it's > > >> not source. In this regard DFSG goes farther than some software > > >> licenses.> > > > >I think the point Jeroen wanted to make is that these are actually > > >source file archives which "by chance" are featuring a .whl extension > > >rather than a .zip extension. > > > > A wheel is not the preferred form for modification. They're not wheels by > > chance at all. > Yes, thanks to Jeroen's hint I realised this as well and I agree that > this is a nasty way to hide the fact that the files are actually source > archives. They aren't. > However, you confirmed yourself that future_fstrings is an exception and > comes with source and thus does not violate DFSG. The only difference > I personally can see is that the archives are just hiding what they are. > We could simply add do some > for whl in *.whl ; do ln -s $whl $(basename .whl).zip ; done > and we have source archives that are obviously what they are. > > > From a DFSG perspective, > > Hmmm, the only thing where I can draw a violation of the DFSG is that > there are no d/copyright entries for the source code that is hidden > inside these *.whl files. Otherwise its "just" duplicated code (in most > cases) which is definitely not nice but IMHO not a violation of DFSG. > The disagreement here is that Python wheels aren't source. DFSG #2 requires the source be present and these aren't it. If you look at the WAF entry in the FTP team reject FAQ, this is similar. The FTP team view has long been that DFSG #2 means the actual preferred form for modification. > > the most straightforward approach is to build-depend on the relevant > > Debian packages and build any needed wheels from that. > Do avoid source code duplication I'm willing to do that. Yes, I > perfectly agree that its pretty ugly (I'm just a bit unsure about > the DFSG violation). I'm wondering whether a simple > > zip whl.zip /path/to/python/files ; mv whl.zip whl.whl > > will be something that can replace the current packages. I think > we also need to patch the tests to fit the version numbers (if > we do not want to cheat and simply use the version numbers of the > original whl files to avoid patching). Perhaps, but there are nuances to the wheel format. Please use Wheel to generate them. > > It won't necessarily get you the same version as upstream uses, but it's > > definitely DFSG compliant. > We also might symlink our resulting whl files with the version number > pdm upstream might expect in their tests. The question is, whether all > this effort might break the tests in some way and we might end up with > endless patching by at the same time loosing the chance to discuss with > upstream. But it might be time to discuss the issue with upstream > anyway. Perhaps. If it were me, what I'd do is locate the missing tarballs and stash them in debian/missing-sources/ and worry about more complex solutions later. Once you're done that, you've met DSFG #2 and there's no need to strip the wheels from the binary. It's not super maintainable, but it will allow you to focos on getting the tests working as upstream ships them without any Debian customizations that might cause Debian specific failures. Scott K --nextPart2980767.dU5vZ182Wg Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAmTffusACgkQeNfe+5rV mvE8gQ/+MjCfB5eD8UfqBnghlT0rahr9s/XIquWvCDJFa9xwdWTJCd56U1zBlFlH vRHVq0X9mY7dr4BK5lH0nEqpcUmo4qqrgt7KjcRmk04HeRrRrXxET1+YWVr9PQjn 6kKH816LN96vLpcrdC8BrMwTPulpPMD+37AgPfHSEhCSbf5VNQe27Q59immdaH9/ /qf51YdB4V6CxPTJQJsimiOxa58e74o0UuR4kpZns/FasR4Ny/RCKvcIhn4PeP6Y Q3iN8tGPLsSYwyJG4fnhAJTqNhjNiRfh9V3BQ+O81EAn78Q+aobMkVZjmTXfJgaS DJIMFkCY0COSQJU5gNs7JVtwJRjuSMI3uCwlRfAKt4NWpv8NKianaUpNqi7ACEJA aqiwKa301Jb6uePmR3lEQXrNyl6TGObfuKqPLs+LZzwlXGuJb7wmNGQu7NwvpkS3 cxbNCaeaB2ytpo+8/nU8wROLJtwXPU7/4wtYhkEfY9o5cm62k6cZSsZK+rpIRy8C vqzOhkBcypS2QX/oIUuqD8ocsAxIu0p2gXRcd4q8IP+UkATlusJO5q3crd6erdtW MWRY+kHoVJXM0IwkGlBz+G5P5KmnhgGzsn3cvBRbeW7Z+RNKujkepUdlwitOgCwk IEsGjFThEC3cQE2PvnrIBrMNkwd0vc3VVB+EXYOQEAAmZQmaYf0= =MoGD -----END PGP SIGNATURE----- --nextPart2980767.dU5vZ182Wg--