Path: csiph.com!weretis.net!feeder8.news.weretis.net!fu-berlin.de!bofh.it!news.nic.it!robomod From: Simon Josefsson Newsgroups: linux.debian.bugs.dist,linux.debian.maint.python Subject: Bug#1085852: python-securesystemslib 1.1.0 is released Date: Thu, 12 Dec 2024 18:00:01 +0100 Message-ID: References: X-Mailbox-Line: From debian-bugs-dist-request@lists.debian.org Thu Dec 12 16:51:08 2024 Old-Return-Path: X-Spam-Flag: NO X-Spam-Score: -2.951 Reply-To: Simon Josefsson , 1085852@bugs.debian.org Resent-To: debian-bugs-dist@lists.debian.org Resent-Cc: NYU Secure Systems Lab X-Debian-Pr-Message: followup 1085852 X-Debian-Pr-Package: python-securesystemslib X-Debian-Pr-Source: python-securesystemslib X-Hashcash: 1:23:241212:debian-python@lists.debian.org::9kVjT5ro+MHrOTp/:YPpo X-Hashcash: 1:23:241212:lukas.puehringer@nyu.edu::eUoNNmFG1GZdgCAj:IpfG Openpgp: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt X-Hashcash: 1:23:241212:1085852@bugs.debian.org::BnHpJR9l9oVJjBTr:7J2x X-Hashcash: 1:23:241212:holger@layer-acht.org::qe1KzTJl242G/T5t:Rlre User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Debian-Message: from BTS X-Mailing-List: archive/latest/1873156 List-ID: List-URL: Approved: robomod@news.nic.it Lines: 56 Organization: linux.* mail to news gateway Sender: robomod@news.nic.it X-Original-Cc: 1085852@bugs.debian.org, debian-python@lists.debian.org, Lukas Puehringer X-Original-Date: Thu, 12 Dec 2024 17:47:32 +0100 X-Original-Message-ID: <877c847srf.fsf@kaka.sjd.se> X-Original-References: <87ikrrh1s3.fsf@kaka.sjd.se> <878qsmazks.fsf@kaka.sjd.se> <874j3aaypn.fsf@kaka.sjd.se> Xref: csiph.com linux.debian.bugs.dist:1223756 linux.debian.maint.python:16571 --=-=-= Content-Type: text/plain Holger Levsen writes: > On Wed, Dec 11, 2024 at 06:58:28PM +0100, Simon Josefsson wrote: >> > fine with me, but maybe https://qa.debian.org/developer.php?login=in-toto-dev%40googlegroups.com >> > would be better? I'm fine with either, please do what you think is >> > more appropriate. >> Happy to, but it also looks like a small team with no written down >> process for how to apply for group membership or packaging workflow. > > right. > >> There is also no Salsa group in use for it. Okay if I move >> python-securesystemslib to Salsa /debian/ namespace, change Maintainer >> to in-toto and add myself as Uploaders? Then I can cleanup remaining >> issues and fix Vcs-* URLs. Or just the 'Debian QA Group'. > > I definitly prefer either the Debian group or the Debian Python team > and would let you choose. I dislike moving the package to the Debian QA > Group however. I have moved my repository to the Python team (cc'ed). I'm monitoring testing migration, and hope to eventually do another upload from this repository to clean up some metadata (see recent commits). https://salsa.debian.org/python-team/packages/securesystemslib This package is a dependency for python-tuf which is a dependency for python-sigstore and https://www.python.org/downloads/metadata/sigstore/ is likely to trigger interest from the Debian python community. I don't feel strongly about any of this, and I'm hoping I'm not stepping on anyones toes with this upload -- let me know if you want to revert anything, or prefer something else. I barely know python, TUF, Sigstore or Debian packaging either, so these packages need help. I realized one problem with using the in-toto-dev package group: it seems to be a closed mailing list, and I recall trying to send e-mail to that list before without any response, so maybe the Googlegroups is configured with limited public posting rights. /Simon --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIoEARYIADIWIQSjzJyHC50xCrrUzy9RcisI/kdFogUCZ1sTpBQcc2ltb25Aam9z ZWZzc29uLm9yZwAKCRBRcisI/kdFoieUAQCqsqQDu7O9xv8OesKnCzrdPuGfqPIw dH8+QV3uWNQk4gD/SJz0VVJOz2wO44AF+wOl26sX3WCbQtAMoKjqaim4ZAQ= =bltJ -----END PGP SIGNATURE----- --=-=-=--