Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.python > #17503

Re: request for review: python-sigstore-models

From Simon Josefsson <simon@josefsson.org>
Newsgroups linux.debian.maint.python
Subject Re: request for review: python-sigstore-models
Date 2026-05-28 17:50 +0200
Message-ID <MZL9D-8ylq-7@gated-at.bofh.it> (permalink)
References <MZn7k-8i16-3@gated-at.bofh.it> <MZD2p-8t4Q-3@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

Jeroen Ploemen <jcfp@debian.org> writes:

> On Wed, 27 May 2026 16:01:28 +0200
> Simon Josefsson <simon@josefsson.org> wrote:
>
>> Hi.
>> 
>> With uv included in Debian, I was able to resume packaging of
>> python-sigstore-models.  I lack experience with python packaging so
>> I would appreciate review of this package before NEW upload:
>> 
>> https://salsa.debian.org/python-team/packages/python-sigstore-models/
>> 
>> My biggest worry is the lack of upstream self-checks --
>> https://github.com/astral-sh/sigstore-models/issues/3 -- making it
>> hard to know if this package is working or not until there are
>> consumers of the package (with self-tests).  I hope to resume
>> packaging of python-sigstore eventually, covering that part:
>> https://bugs.debian.org/1084157
>
> The upstream repo on github does have tests, it's only the releases
> published on pypi that don't. You might want to switch the watch file
> to pull from github instead.
>
> Most issues in the current packaging are related to the lack of
> tests, esp. with the package set up as if they actually were present:
> * testsuite 'autopkgtest-pkg-pybuild' without build-time tests is the
>   equivalent of running /bin/true in an autopkgtest context. In that
>   case, you're better off with autopkgtest-pkg-python (that at least
>   actually does something, even if superficial).
> * build-dep on python3-pydantic is only used while pybuild looks for
>   unittests that aren't there, and could be ditched if you explicitly
>   disable tests via 'export PYBUILD_DISABLE=test' in d/rules.
> * you should probably build-depend on python3 rather than python3-all
>   if you're not running any tests on build.
>
> Obviously, all of the above only applies as long as no tests on run on
> build.
>
> The only other thing that stood out is the unused build-dep on
> python3-setuptools.

Yay, wonderful, thanks!  Fixed in git now, including pulling directly
from GitHub instead, so we now have self-tests.

I recall seeing self-checks dropped from the pypi tarballs before, so
maybe I should make a habit to pull directly from git for future python
packages.  IIRC the python team policy lead me into the pypi approach.

/Simon

Back to linux.debian.maint.python | Previous | NextPrevious in thread | Find similar

Thread

request for review: python-sigstore-models Simon Josefsson <simon@josefsson.org> - 2026-05-27 16:10 +0200
  Re: request for review: python-sigstore-models Norwid Behrnd <nbehrnd@yahoo.com> - 2026-05-27 16:20 +0200
    Re: request for review: python-sigstore-models Simon Josefsson <simon@josefsson.org> - 2026-05-27 16:40 +0200
      Re: request for review: python-sigstore-models Simon Josefsson <simon@josefsson.org> - 2026-05-28 18:10 +0200
  Re: request for review: python-sigstore-models Jeroen Ploemen <jcfp@debian.org> - 2026-05-28 09:10 +0200
    Re: request for review: python-sigstore-models Simon Josefsson <simon@josefsson.org> - 2026-05-28 17:50 +0200

csiph-web