Path: csiph.com!weretis.net!feeder8.news.weretis.net!newsfeed.xs3.de!news.samoylyk.net!gothmog.csi.it!bofh.it!news.nic.it!robomod From: Soren Stoutner Newsgroups: linux.debian.maint.python Subject: Re: python-keepkey_7.2.1+dfsg-1_amd64.changes REJECTED Date: Thu, 13 Nov 2025 19:10:01 +0100 Message-ID: References: X-Mailbox-Line: From debian-python-request@lists.debian.org Thu Nov 13 18:06:23 2025 Old-Return-Path: X-Amavis-Spam-Status: No, score=-114.51 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_MED=-2.3, UNPARSEABLE_RELAY=0.001, USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100] autolearn=ham autolearn_force=no Organization: Debian Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEWIg4F7bGiws7ReTkyy kYoXFRrd6/4yMA0PAAACaklEQVQ4y22TwXabMBBFJaPuNZGSNZZp1uhM6BpkJeu4VFk3bsL/f0Lf CHC6qHyOgbl68zTDoIwaVfh3tUopTUGpbFToDiFnY9IY2oMAZYMiS4R9SfbSXepSS5EcFAa/muIU aRj8mkoUqrEraFzhYegBmqig0LyCIyM8DAwPlpBqmJVYaD2UeWZ3abVjsqKIojg+hY4omsyIcNSi qIBM6jJWOveS6kvBeVvHJ+VYzJUW88RmA12UiBx3HEcUMRuzIZI6tBQovTrPclNB3AuUXoXvs0XY C3B2baJpW4Dn2ZpVMInCirkxoyhM1qpK5nFrO65QvCrCqql2DyPgvm94iMQz5/PmISuEotxQGMD5 M5G1N9CjXJ5HQH96BZG2xx6AzejYZccxT4Re3Zr4bPKkCcGcz5Or3dVEABkAUY/znnVcQVVkrXVU vomoEJFe7x4nQuaZmZELL6qnXZGIB5YV/Q2IogtSmyNybEcBX2+QCLOAQYm+gmoORUrYzV7dc6R2 T1WPm45oVEQqsjtoIovHyTmcyxMhVVxTqapomZyLlAmTKC9AmjgamXXGZo+epNrXO3wGGiPRHbKL FnMy2RRgRb1gzFXXGjhICp8wqaTtdtyQH6nWTfkatJvJJoUCbOjSC7wR9/naEVognxrOFdLh7Ugx QpA/0QT4pRV0+u2dqsXD5y9EBDjVAJS3ZZLxmZblgmsU8x7mBeCKg48Py7WU2IiH1epbEbC8K9Ms y0cpcySVUcdQVrBY+rEsv+XpYgFKXT8B3v2yATxv8fKK2EfC358tsIMLYqfD401xA0j1EY4P/wWf IbhlOWyBv4OQsywBM8MAAAAAAElFTkSuQmCC MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart8951994.HvUHHshVSd"; micalg="pgp-sha512"; protocol="application/pgp-signature" X-Debian-User: soren X-Mailing-List: archive/latest/23353 List-ID: List-URL: List-Archive: https://lists.debian.org/msgid-search/1918832.334EeT0ntf@soren-desktop Approved: robomod@news.nic.it Lines: 100 Sender: robomod@news.nic.it X-Original-Cc: Bastian Blank , Manuel Guerra X-Original-Date: Thu, 13 Nov 2025 11:05:56 -0700 X-Original-Message-ID: <1918832.334EeT0ntf@soren-desktop> X-Original-References: Xref: csiph.com linux.debian.maint.python:17150 --nextPart8951994.HvUHHshVSd Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8"; protected-headers="v1" From: Soren Stoutner To: debian-python@lists.debian.org Subject: Re: python-keepkey_7.2.1+dfsg-1_amd64.changes REJECTED Date: Thu, 13 Nov 2025 11:05:56 -0700 Message-ID: <1918832.334EeT0ntf@soren-desktop> Organization: Debian In-Reply-To: MIME-Version: 1.0 On Thursday, November 13, 2025 9:11:10=E2=80=AFAM Mountain Standard Time Ma= tthias=20 Klose wrote: > On 11/9/25 13:37, Gregor Riepl wrote: > >> There are only a few packages that ship a binary only binary approach > >> in the Python corner. And if so the ecosystem is more complex. That's > >> not the case for keepkey. > >=20 > > This seems quite odd to me. If a Python module contains a corresponding > > application that is frequently used directly, I would expect this to be > > installed in its own package, named like the application, and not in a > > pyhon3-modulename package. > >=20 > > If the corresponding module is rarely, if ever used, it's probably > > better to not produce a python3-modulename package at all, and simply > > put the module into /usr/share/modulename - this is described in the > > packaging policy: [1] > >=20 > > In fact, I can't find any guidance on combined Python module+application > > packages (except for the mentioned case of private modules) in the > > Debian Python Policy. If there is any, I'd be very interested as well. > >=20 > > [1] https://www.debian.org/doc/packaging-manuals/python-policy/ > > #programs-shipping-private-modules >=20 > care to draft something for the Debian policy? >=20 > another reason for splitting even one binary is to have the python3-* > package M-A: same or M-A: foreign. This is usually required for > extension modules very low in the dependency chain. I didn't check if > that's the case for this specific package. >=20 > Addressing these issues in the policy also should give ftp-masters some > guidance. I can see that being an important concern, and I can see that being a=20 persuasive reason to split the packages. I should note that in the case of python-keepkey, =E2=80=9CM-A: same=E2=80= =9D concerns=20 probably don=E2=80=99t apply. The current keepkeyctl package ships one exe= cutable to=20 /usr/bin, but it is not a *compiled* executable. Rather, it is a Python=20 script that can be used as a front-end for python3-keepkey. https://salsa.debian.org/python-team/packages/python-keepkey/-/blob/debian/ master/keepkeyctl?ref_type=3Dheads The only other file of substance that is shipped in keepkeycli is the man=20 page. Based on the conversation so far, it appears that my understanding was=20 incorrect and there is no general objection to shipping files in /usr/bin=20 inside of python3-foo packages as long as they do not prevent the package f= rom=20 being =E2=80=9CM-A: same=E2=80=9D. I will probably wait a few more days to= make sure everyone=20 who might have an objection has time to comment. But, if no other concerns= =20 are raised, then I plan to resubmit the package to NEW with everything=20 shipping inside of python3-keepkey. =2D-=20 Soren Stoutner soren@debian.org --nextPart8951994.HvUHHshVSd Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEJKVN2yNUZnlcqOI+wufLJ66wtgMFAmkWHgQACgkQwufLJ66w tgPyhBAAr/Aae9B2BjdH1DXYytCtjidgbtxNeAi7ZzxVJvSxSuzPY3GoSZv8oIZH i8LJm7nLk+/1RTFT8Ogpt3ambC+Ypv7MwWnJntQdKPZkAb6o+mpGjnxKrMHBHylV m5p/PWFWp4oyQhdut5tJgJAsLAgv6mWC/gC2w0B8hPHQ1JZY/e76MbNp/lZRafe3 /QJJhCLKS1/rJAIJQrRd97xPJBmQAvFrZf9JCVViCfECBIRnl8lD+PVGmEpVSmYp 2TTKrjnCYBhCUROOgZ/f/PmObHCfOAogHwdEQtB2g0hqLzMbvlxC8+TVvW9ZQDIE aoHRZT30hEOfn2nTigoDp6q4YZlNICrzUT7D0DO8itjsbe1ADtUSRBLQMSdUlXZS jLpCi+PIs1LPAyooIPbo875YJb4jYpiSxhRu3wzI/CKv2RKQQSKBjLBJAKKdei7t v36bonc9hrvLpz/hIKMvcUgVBpj/idl6lRo/rqxRpv8HCLxGUzaN2tCv5QIxCWLG XL5LW9hDyUE1SVIufgtBVJzU1hY5HakJ6s385tAtdY9ct4vbCLw1SYXGJKArp8a/ o96kSviakAMAPH3oaCmDl97e3zxZIIx6jWgPtcaYfHq1vMBVqLltqgHea1I/tr1W p12UNfRzq2mmztaLs82O8hQgW83LQYkHis1PWD++jSZcTKEzKDI= =aw1Y -----END PGP SIGNATURE----- --nextPart8951994.HvUHHshVSd--