Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.maint.python > #16603
| Path | csiph.com!tncsrv06.tnetconsulting.net!newsfeed.endofthelinebbs.com!news.corradoroberto.it!gothmog.csi.it!bofh.it!news.nic.it!robomod |
|---|---|
| From | Simon Josefsson <simon@josefsson.org> |
| Newsgroups | linux.debian.maint.python |
| Subject | Re: Bug#1090897: ITP: python-sigstore-protobuf-specs -- Python bindings for Sigstore's protocol buffer (protobuf) specs |
| Date | Sat, 21 Dec 2024 00:40:02 +0100 |
| Message-ID | <JVUL8-1cWd-11@gated-at.bofh.it> (permalink) |
| References | <JVUL8-1cWd-13@gated-at.bofh.it> |
| X-Mailbox-Line | From debian-python-request@lists.debian.org Fri Dec 20 23:36:04 2024 |
| Old-Return-Path | <simon@josefsson.org> |
| X-Amavis-Spam-Status | No, score=-14.5 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no |
| X-Policyd-Weight | using cached result; rate:hard: -4.6 |
| X-Hashcash | 1:23:241220:debian-python@lists.debian.org::qPu4araqoLQR/WEo:qCF |
| Openpgp | id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt |
| X-Hashcash | 1:23:241220:1090897@bugs.debian.org::QrTZ0BUjdwdac5x+:2ZCd |
| X-Hashcash | 1:23:241220:submit@bugs.debian.org::4ibsBpOpCpbum8OY:YqDY |
| User-Agent | Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
| MIME-Version | 1.0 |
| Content-Type | multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" |
| X-Mailing-List | <debian-python@lists.debian.org> archive/latest/22695 |
| List-ID | <debian-python.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-python/> |
| List-Archive | https://lists.debian.org/msgid-search/87y10adj1k.fsf@kaka.sjd.se |
| Approved | robomod@news.nic.it |
| Lines | 62 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Date | Sat, 21 Dec 2024 00:35:51 +0100 |
| X-Original-Message-ID | <87y10adj1k.fsf@kaka.sjd.se> |
| X-Original-References | <87wmfufeei.fsf__43421.9961798348$1734716192$gmane$org@kaka.sjd.se> |
| Xref | csiph.com linux.debian.maint.python:16603 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
Hi, I would appreciate packaging review of: https://salsa.debian.org/python-team/packages/python-sigstore-protobuf-specs Some questions/concerns: - Same concern about using PyPI tarballs as for the other packages, some files are missing compared to upstream's GitHub repository. Maybe this is actually common for Python packages, and understanding this is part of my learning curve. But it still feels surprising to me, and a bit sub-optimal from a supply-chain safety point of view: which hosting site to rely on? PyPI that publish tarballs, or GitHub who (should) hold the source code used to generate the tarballs? How to detect when these differ? What to do about it? /Simon Simon Josefsson <simon@josefsson.org> writes: > Package: wnpp > Severity: wishlist > Owner: Simon Josefsson <simon@josefsson.org> > X-Debbugs-Cc: debian-devel@lists.debian.org, debian-python@lists.debian.org > > * Package name : python-sigstore-protobuf-specs > Version : 0.3.3 > Upstream Author : The Sigstore Authors > * URL : https://github.com/sigstore/protobuf-specs > * License : Apache-2 > Programming Lang: Python > Description : Python bindings for Sigstore's protocol buffer (protobuf) specs > > These are the Python language bindings for Sigstore's protobuf specs. > > I plan to maintain this package as part of the Python team: > > https://salsa.debian.org/python-team/packages/python-sigstore-protobuf-specs > > Work in progress will hopefully be found here: > > https://salsa.debian.org/jas/sigstore-protobuf-specs > https://salsa.debian.org/jas/protobuf-specs > > /Simon >
Back to linux.debian.maint.python | Previous | Next | Find similar
Re: Bug#1090897: ITP: python-sigstore-protobuf-specs -- Python bindings for Sigstore's protocol buffer (protobuf) specs Simon Josefsson <simon@josefsson.org> - 2024-12-21 00:40 +0100
csiph-web