From: Soren Stoutner
Newsgroups: linux.debian.maint.python
Subject: Re: use of waf in pyinstaller (was: blhc)
Date: Sat, 07 Dec 2024 19:40:01 +0100
Message-ID: <1952446.xRyjZeKkKF@soren-desktop>
To: debian-python@lists.debian.org
Cc: Scott Kitterman
List-Archive: https://lists.debian.org/msgid-search/1952446.xRyjZeKkKF@soren-desktop

On Saturday, December 7, 2024 11:18:20 AM MST Scott Kitterman wrote:
> On December 7, 2024 5:29:39 PM UTC, Soren Stoutner wrote:
> ...
>
> >I have not had any experience with waf before, and so am not aware of DFSG or
> >malware difficulties that other projects have faced. In the case of
> >PyInstaller, most of the waf code is contained in:
> >
> >https://salsa.debian.org/python-team/packages/pyinstaller/-/tree/debian/master/bootloader/waflib?ref_type=heads
> >
> >It is written in Python and licensed under the BSD-3-clause. It is used to
> >compile the C code in:
> >
> >https://salsa.debian.org/python-team/packages/pyinstaller/-/tree/debian/master/bootloader/src?ref_type=heads
> >
> >Which is licensed under the GPL-2+~with-bootloader-exception, which is the
> >main license of the project. The resulting bootloader (two files) is shipped
> >in the binary package in /usr/lib/python3/dist-packages/PyInstaller/bootloader/Linux-64bit-intel/*.
> >
> >None of this looks problematic to me. However, if there are any concerns I
> >have missed I would be very interested to hear of them before I submit
> >PyInstaller to the NEW queue.
>
> Have a look at the waf entry in the FTP Team reject FAQ:
>
> https://ftp-master.debian.org/REJECT-FAQ.html

"That's a special case of source code missing. Normally packages using waf as
build system contain a Python script with a compressed tarball embedded as a
binary blob, where it is not obvious how to get the actual source. As that's
not considered to be the preferred form of modification, it fails the DFSG. See
#645190 and https://wiki.debian.org/UnpackWaf for details."

As I detailed in the previous email, that does not appear to be the case for
PyInstaller. There are no binary blobs that I have found (although I would be
interested in knowing if I have missed them). I do understand and agree with
such a concern.
It just doesn’t appear to be how waf is used by PyInstaller.

-- 
Soren Stoutner
soren@debian.org
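The check discussed in this message, looking for a compressed archive embedded in a waf script, can be automated over a source tree. The sketch below is an added example, not part of the original post or of PyInstaller or waf; it assumes the packed-waf layout of a single `#`-prefixed payload line between `#==>` and `#<==` markers, and the function names, thresholds and sample tree are constructed for illustration.

```python
import os
import tempfile

# Assumption: packed waf scripts delimit the embedded archive with these markers.
BEGIN, END = b"#==>", b"#<=="
PRINTABLE = set(range(0x20, 0x7F)) | {0x09}

def opaque_ratio(chunk: bytes) -> float:
    """Fraction of bytes that are not printable ASCII or tab."""
    return sum(b not in PRINTABLE for b in chunk) / max(len(chunk), 1)

def scan_file(path, min_len=256, threshold=0.30):
    """Return a list of findings (reason strings) for one file."""
    with open(path, "rb") as fh:
        data = fh.read()
    findings = []
    start = data.find(BEGIN)
    end = data.find(END, start + len(BEGIN)) if start != -1 else -1
    if start != -1 and end != -1:
        findings.append(f"marker-delimited payload, {end - start - len(BEGIN)} bytes")
    # Independent of the markers: long lines that are mostly non-text bytes.
    for lineno, line in enumerate(data.split(b"\n"), 1):
        if len(line) >= min_len and opaque_ratio(line) >= threshold:
            findings.append(f"opaque line {lineno}, {len(line)} bytes")
    return findings

def scan_tree(root, suffixes=(".py", "")):
    """Map relative path -> findings for script-like files under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1] in suffixes:
                path = os.path.join(dirpath, name)
                hits = scan_file(path)
                if hits:
                    report[os.path.relpath(path, root)] = hits
    return report

def demo():
    """Constructed sample tree: one plain module, one script with a packed payload."""
    payload = bytes(b for b in range(256) if b not in (10, 13)) * 2
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "Build.py"), "w") as fh:
            fh.write("def build(ctx):\n    return ctx\n")
        with open(os.path.join(root, "waf"), "wb") as fh:
            fh.write(b"#!/usr/bin/env python3\nprint('unpack')\n"
                     + BEGIN + b"\n#" + payload + b"\n" + END + b"\n")
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

An empty report from `scan_tree` on an unpacked `waflib` directory is consistent with plain Python source, but it does not replace reading the tree, since a payload could be encoded as printable text.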