Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.python > #16571 > unrolled thread

Bug#1085852: python-securesystemslib 1.1.0 is released

Back to article view | Back to linux.debian.maint.python

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.

Contents

  Bug#1085852: python-securesystemslib 1.1.0 is released Simon Josefsson <simon@josefsson.org> - 2024-12-12 18:00 +0100
    Re: Bug#1085852: python-securesystemslib 1.1.0 is released Simon Josefsson <simon@josefsson.org> - 2024-12-17 09:00 +0100
      Re: Bug#1085852: python-securesystemslib 1.1.0 is released Colin Watson <cjwatson@debian.org> - 2024-12-17 13:10 +0100
        Re: Bug#1085852: python-securesystemslib 1.1.0 is released Colin Watson <cjwatson@debian.org> - 2024-12-17 13:10 +0100
        Re: Bug#1085852: python-securesystemslib 1.1.0 is released Simon Josefsson <simon@josefsson.org> - 2024-12-17 18:30 +0100

#16571 — Bug#1085852: python-securesystemslib 1.1.0 is released

[Multipart message — attachments visible in raw view] — view raw

Holger Levsen <holger@layer-acht.org> writes:

> On Wed, Dec 11, 2024 at 06:58:28PM +0100, Simon Josefsson wrote:
>> > fine with me, but maybe https://qa.debian.org/developer.php?login=in-toto-dev%40googlegroups.com
>> > would be better? I'm fine with either, please do what you think is
>> > more appropriate.
>> Happy to, but it also looks like a small team with no written down
>> process for how to apply for group membership or packaging workflow.
>
> right.
>
>> There is also no Salsa group in use for it.  Okay if I move
>> python-securesystemslib to Salsa /debian/ namespace, change Maintainer
>> to in-toto and add myself as Uploaders?  Then I can cleanup remaining
>> issues and fix Vcs-* URLs.  Or just the 'Debian QA Group'.
>
> I definitly prefer either the Debian group or the Debian Python team
> and would let you choose. I dislike moving the package to the Debian QA
> Group however.

I have moved my repository to the Python team (cc'ed).  I'm monitoring
testing migration, and hope to eventually do another upload from this
repository to clean up some metadata (see recent commits).

https://salsa.debian.org/python-team/packages/securesystemslib

This package is a dependency for python-tuf which is a dependency for
python-sigstore and https://www.python.org/downloads/metadata/sigstore/
is likely to trigger interest from the Debian python community.

I don't feel strongly about any of this, and I'm hoping I'm not stepping
on anyones toes with this upload -- let me know if you want to revert
anything, or prefer something else.  I barely know python, TUF, Sigstore
or Debian packaging either, so these packages need help.

I realized one problem with using the in-toto-dev package group: it
seems to be a closed mailing list, and I recall trying to send e-mail to
that list before without any response, so maybe the Googlegroups is
configured with limited public posting rights.

/Simon

[toc] | [next] | [standalone]

#16574

[Multipart message — attachments visible in raw view] — view raw

I noticed that 1.2.0-1 migrated to testing, so I did an upload to
finalize the packaging move and it now live here:

https://salsa.debian.org/python-team/packages/securesystemslib/

Python team, please review packaging if you have cycles!  I am not up to
speed up all python group best practices.

/Simon

[toc] | [prev] | [next] | [standalone]

#16575

On Tue, Dec 17, 2024 at 08:44:39AM +0100, Simon Josefsson wrote:
> I noticed that 1.2.0-1 migrated to testing, so I did an upload to
> finalize the packaging move and it now live here:
> 
> https://salsa.debian.org/python-team/packages/securesystemslib/
> 
> Python team, please review packaging if you have cycles!  I am not up to
> speed up all python group best practices.

The random Dockerfile is anomalous (though not forbidden) and wouldn't
be used by most of the members of the DPT, so I haven't reviewed it.
The rest looks OK from a quick visual inspection.

Minor points:

 * It's a shame that the basename of the git repository URL doesn't
   match the source package name.  If it's practical to rename the
   repository without too much trouble, that would be good.

 * You could depend on dh-sequence-python3 instead of dh-python, and
   drop "--with python3" from debian/rules.

-- 
Colin Watson (he/him)                              [cjwatson@debian.org]

[toc] | [prev] | [next] | [standalone]

#16576

On Tue, Dec 17, 2024 at 12:06:08PM +0000, Colin Watson wrote:
> On Tue, Dec 17, 2024 at 08:44:39AM +0100, Simon Josefsson wrote:
> > I noticed that 1.2.0-1 migrated to testing, so I did an upload to
> > finalize the packaging move and it now live here:
> > 
> > https://salsa.debian.org/python-team/packages/securesystemslib/
> > 
> > Python team, please review packaging if you have cycles!  I am not up to
> > speed up all python group best practices.
> 
> The random Dockerfile is anomalous (though not forbidden) and wouldn't
> be used by most of the members of the DPT, so I haven't reviewed it.
> The rest looks OK from a quick visual inspection.
> 
> Minor points:
> 
>  * It's a shame that the basename of the git repository URL doesn't
>    match the source package name.  If it's practical to rename the
>    repository without too much trouble, that would be good.
> 
>  * You could depend on dh-sequence-python3 instead of dh-python, and
>    drop "--with python3" from debian/rules.

Oh, also, DPT practice is to use pristine-tar, so please do that.  See
https://wiki.debian.org/Python/GitPackaging.

-- 
Colin Watson (he/him)                              [cjwatson@debian.org]

[toc] | [prev] | [next] | [standalone]

#16578

[Multipart message — attachments visible in raw view] — view raw

Colin Watson <cjwatson@debian.org> writes:

> On Tue, Dec 17, 2024 at 08:44:39AM +0100, Simon Josefsson wrote:
>> I noticed that 1.2.0-1 migrated to testing, so I did an upload to
>> finalize the packaging move and it now live here:
>> 
>> https://salsa.debian.org/python-team/packages/securesystemslib/
>> 
>> Python team, please review packaging if you have cycles!  I am not up to
>> speed up all python group best practices.
>
> The random Dockerfile is anomalous (though not forbidden) and wouldn't
> be used by most of the members of the DPT, so I haven't reviewed it.

I removed that file -- I didn't notice that file myself.  Upstream seems
to have stopped using that process over a year ago and have made several
upstream releases after that.  The file is still present upstream and in
git history if anyone is curious.  I prefer if packaging follows Debian
practices in general and Debian Python packaging team in particular,
let's make it easy for people to help.

> The rest looks OK from a quick visual inspection.

Thank you!  It really helps to have review of new things.

>  * It's a shame that the basename of the git repository URL doesn't
>    match the source package name.  If it's practical to rename the
>    repository without too much trouble, that would be good.

Done.

>  * You could depend on dh-sequence-python3 instead of dh-python, and
>    drop "--with python3" from debian/rules.

Done.

> Oh, also, DPT practice is to use pristine-tar, so please do that.  See
> https://wiki.debian.org/Python/GitPackaging.

Done.

There is a reproducability FTBFS on armhf that I'm trying to debug, but
hopefully I'll do another upload shortly.

/Simon

[toc] | [prev] | [standalone]

Back to top | Article view | linux.debian.maint.python

csiph-web