Bug#1070138: RFS: django-anymail/10.3-1 [ITA] -- Django email backend for multiple ESPs (Python 3)

[Jeroen Ploemen]

On Sun, 19 May 2024 12:53:59 +0530
Akash Doppalapudi  wrote:

> I setup tests for this package.
> 
> Sorry, it took this much time, I was a bit busy and tests on this 
> package were tricky.

No worries, we're all volunteers donating precious time and effort.

Just pushed a fix to make the on-build tests run against all
supported python versions and not run the ones that try to use
resources from an external network. Without that, the build would
fail on my no-networking-allowed pbuilder setup.

Please modify the autopkgtest accordingly, so that it:
* excludes tests that use external resources;
* loops over all supported python versions; and
* tests the installed package, rather than the extracted source
  package.

The last part is typically done by copying the testsuite files to an
empty directory provided for this purpose, subsequently running the
testsuite from there. See [1] for a generic example.

The package should be good to go once the autopkgtest is done.


[1]https://salsa.debian.org/jcfp/python-autocommand/-/tree/master/debian/tests


pgp2Myf0MgszO.pgp
Description: OpenPGP digital signature

Bug#1071015: RFS: color-picker/1.0.3-3 -- Powerful screen color picker based on Qt

[Jeroen Ploemen]

On Sun, 12 May 2024 20:53:28 -0300
Hugo Torres de Lima  wrote:

> I am looking for a sponsor for my package color-picker:

hi Hugo,

uploaded with a minor change to the d/copyright: the year was also
bumped to 2024 for upstream, but the packaged release dates back to
2022 so that cannot be correct.

I reverted that bit, and already pushed the change to the git repo as
well. Otherwise all fine, thanks for your work!


pgp8VdVvjrdOJ.pgp
Description: OpenPGP digital signature

Bug#1070138: RFS: django-anymail/10.3-1 [ITA] -- Django email backend for multiple ESPs (Python 3)

[Jeroen Ploemen]

On Wed, 1 May 2024 00:29:49 +0530
Akash Doppalapudi  wrote:

> I am looking for a sponsor for my package "django-anymail":

hi Akash,

I granted you maintainer level access to the package's git repo
on salsa, please push your changes there.

Took a quick look at the package, it seems to be in very good shape
overall. You might want to point the watch file to upstream's github
though, as the tarballs there include tests and documentation missing
from the releases on pypi. And then of course put that stuff to use :)


pgphQi5yH9_8A.pgp
Description: OpenPGP digital signature

Bug#1069894: RFS: gpscorrelate/2.1-1 -- correlates digital photos with GPS data filling EXIF fields (command line)

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Fri, 26 Apr 2024 20:30:37 +0530
Shriram Ravindranathan  wrote:

> I am looking for a sponsor for my package gpscorrelate:

hi Shriram,

thanks for your interest in adopting this package. I did a review, and
the following issues came up:

* copyright:
  + incorrect license for i18n.h (listed as GPL-2+ but file says
LGPL-2+)
  + debian/* license "GPL-2+ or GPL-3" doesn't make sense, as GPL-3
is already included in GPL-2+

* changelog should close the ITA bug when adopting a package

* control: ancient version requirement for the libexiv2-dev build-dep
  should be dropped

* gpscorrelate-gui.dirs is redundant; these directories will be
  created automatically when the files listed in
  d/gpscorrelate-gui.install get installed

* d/README.Debian seems outdated; it talks about a rationale for
  splitting into two binary packages that aren't interdependent and
  only recommend one another for docs, but then d/control lists one as
  a hard dependency of the other. What changed? Does the README or the
  package need modification?

* rules: tests seem to run fine on build if one removes the override.
  Any reason why they are (still) disabled? If possible, do run tests
  on build; in case you do decide on keeping them off, you could
  probably drop the build-dep on exiv2.

* Wishlist: add an autopkgtest, based on the upstream testsuite.
  Something along the lines of copy the "tests" directory to
  $AUTOPKGTEST_TMP, symlink the gpscorrelate executable, then run
  ./tests/testsuite should work; if you need an example, the re2c
  package takes a similar approach.


I do realise many of the issues above weren't introduced by you, but
that can be an unfortunate side effect of adopting existing packages.

You were granted maintainer level access to the package's git repo at
https://salsa.debian.org/debian/gpscorrelate, so you may push your
current changes and any future work there.


Please remove the moreinfo tag (and CC me) once you have an updated
package ready.


pgpRGCJYBXY5P.pgp
Description: OpenPGP digital signature

Bug#1070095: RFS: sslscan/2.1.3-1 -- Tests SSL/TLS enabled services to discover supported cipher suites

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Mon, 29 Apr 2024 20:47:15 -0500
Alejo Marín  wrote:

> I am looking for a sponsor for my package sslscan:

hi Alejo,

I took a look at sslscan, and some issues came up during review:

* git repository: pristine-tar and upstream branches on salsa are
  stale (looks like you just forgot to push those?)

* copyright: various copyright holders and licenses are missing, see
  docker_test.sh:4
  sslscan.c:6055
  tools/iana_tls_ciphersuite_parser.py:4
  tools/iana_tls_supported_groups_parser.py:4
  win32bit-compat.h:13

Other than that, everything looks good to me.

Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


pgptXeM3gEyUa.pgp
Description: OpenPGP digital signature

Bug#1067727: RFS: tcpslice/1.7-1 -- extract pieces of and/or glue together tcpdump files

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Tue, 26 Mar 2024 02:35:25 -0300
Bruno Naibert  wrote:

> I am looking for a sponsor for my package tcpslice:

hi Bruno,

the package looks mostly fine; some minor remarks and questions:

* docs: rm? The README and CREDITS files don't serve any purpose as
  end user documentation; CHANGES is the upstream changelog and would
  be automatically detected and installed as such by
  dh_installchangelogs (i.e. no need to list it anywhere).
* control: why 'root-requires-root: binary-targets'? What exactly
  needs root?
* salsa-ci.yml: is that allow_failure for reprotest still needed?

As for the git repo on salsa: the tags for the packaging should
include the revision, e.g. debian/1.7-1 instead of 'debian/1.7' or
'1.5', as there could be multiple debian revisions for a single
upstream release.


Please remove the moreinfo tag (and CC me when doing so) once you have
an updated package ready.


pgpZrucPfDGwF.pgp
Description: OpenPGP digital signature

Bug#1067859: RFS: python-redmine/2.4.0-2 -- Python library for the Redmine RESTful API (Python 3)

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Thu, 28 Mar 2024 00:07:29 +0530
Akash Doppalapudi  wrote:

> I am looking for a sponsor for my package python-redmine:

hi Akash,

it looks like a new upstream release came out very recently, you might
want to update the packaging to that.

The master branch of the salsa git repo is full of stuff not part of
the upstream tarball, particularly __pycache__ dirs with pyc files
most likely added by mistake (as part of commit a77a3ff9):

$ find . -name *.pyc
./redminelib/resources/__pycache__/__init__.cpython-311.pyc
./redminelib/resources/__pycache__/standard.cpython-311.pyc
[etc...]

Time for a spring cleanup?


The packaging itself looks mostly fine, some minor stuff:
* copyright: upstream year needs updating, see their license file.
* rules: are those PYBUILD_TEST_ARGS still needed these days?


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


pgpqRPq8WpbzV.pgp
Description: OpenPGP digital signature

Bug#1064924: RFS: python-chameleon/4.5.2-1 [ITA] -- XML-based template compiler - doc

[Jeroen Ploemen]

Control: tags -1 moreinfo

Hi Akash,

Package looks mostly alright, remaining issues should be easy to fix:

* control: binary pkg has an unused hardcoded dep on
  python3-pkg-resources, replaced upstream cf. CHANGES.rst:107

* copyright: upstream year needs updating, see COPYRIGHT.txt

* copyright: entry for src/chameleon/astutil.py looks obsolete; the
  file no longer has a copyright header mentioning edgewall software
  and appears to have been completely rewritten, see e.g.
  `git diff upstream/3.8.1 upstream/4.5.2 src/chameleon/astutil.py'

* rules: the sphinxdoc override could be replaced with an
  execute_before that only runs the sphinx build command, that way
  one can avoid calling dh_sphinxdoc with hardcoded arguments.

* the binary pkg includes the upstream testsuite. In previous
  versions, that consisted of a very limited number of small python
  files; in the current version, it has grown in size and also
  includes numerous input files - now making up the bulk of the files
  in the binary pkg. Consider excluding the test files from install
  (and drop the associated lintian overrides) unless they are actually
  needed somehow.


pgpse_JUxS1DL.pgp
Description: OpenPGP digital signature

Re: Bug#1065194: RFS: python-raccoon/3.1.1-1 -- Python DataFrame with fast insert and appends (Python 3)

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Fri, 1 Mar 2024 23:54:26 +0530
Akash Doppalapudi  wrote:

> I am looking for a sponsor for my package "python-raccoon":

hi Akash,

thanks for working on this package. Unfortunately, it fails to build,
so the following remarks and suggestions are based on the source pkg
alone:

* please push your changes to the package's VCS; if you need access
  to its current repository on salsa just let me know (do mention your
  username there).
* multiple build-deps seem to be only needed for running tests, but
  those are disabled in d/rules (probably because the tarball on pypi
  doesn't contain any test files in the first place, only the upstream
  github repo does). Please remove any unused build-deps.
* d/rules incorrectly sets PYBUILD_NAME to the source pkg name, this
  should either be deleted, or set to the name actually used to import
  the module.
* the binary pkg has an unused hardcoded dependency on
  python3-pkg-resources.
* consider adding a very basic autopkgtest by setting 'Testsuite:
  autopkgtest-pkg-python' in d/control.


Build fails with the following error (full log attached):

dpkg-source: info: building python-raccoon in python-raccoon_3.1.1-1.dsc
 debian/rules binary
dh binary --with python3 --buildsystem=pybuild
   dh_update_autotools_config -O--buildsystem=pybuild
   dh_autoreconf -O--buildsystem=pybuild
   dh_auto_configure -O--buildsystem=pybuild
E: pybuild pybuild:389: configure: plugin pyproject failed with: PEP517 plugin 
dependencies are not available. Please Build-Depend on pybuild-plugin-pyproject.
dh_auto_configure: error: pybuild --configure -i python{version} -p "3.12 3.11" 
returned exit code 13
make: *** [debian/rules:6: binary] Error 25


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.
I: pbuilder: network access will be disabled during build
I: Current time: Thu Mar 21 10:08:25 CET 2024
I: pbuilder-time-stamp: 1711012105
I: Building the build Environment
I: extracting base tarball [/var/cache/pbuilder/sid-base.tgz]
I: copying local configuration
W: No local /etc/mailname to copy, relying on /var/cache/pbuilder/build//63818/etc/mailname to be correct
W: hookdir /root/.pbuilder/hooks/ does not exist, skipping
I: mounting /proc filesystem
I: mounting /sys filesystem
I: creating /{dev,run}/shm
I: mounting /dev/pts filesystem
I: redirecting /dev/ptmx to /dev/pts/ptmx
I: policy-rc.d already exists
W: Could not create compatibility symlink because /tmp/buildd exists and it is not a directory
I: Obtaining the cached apt archive contents
I: Copying source file
I: copying [./python-raccoon_3.1.1-1.dsc]
I: copying [./python-raccoon_3.1.1.orig.tar.gz]
I: copying [./python-raccoon_3.1.1-1.debian.tar.xz]
I: Extracting source
gpgv: Signature made Fri Mar  1 21:50:26 2024 UTC
gpgv:using RSA key C8B2A95D8D855A9D8C6F0C78BCBCAE31ECE05007
gpgv: Can't check signature: No public key
dpkg-source: warning: cannot verify inline signature for ./python-raccoon_3.1.1-1.dsc: no acceptable signature found
dpkg-source: info: extracting python-raccoon in python-raccoon-3.1.1
dpkg-source: info: unpacking python-raccoon_3.1.1.orig.tar.gz
dpkg-source: info: unpacking python-raccoon_3.1.1-1.debian.tar.xz
I: Not using root during the build.
I: Installing the build-deps
 -> Attempting to satisfy build-dependencies
 -> Creating pbuilder-satisfydepends-dummy package
Package: pbuilder-satisfydepends-dummy
Version: 0.invalid.0
Architecture: amd64
Maintainer: Debian Pbuilder Team 
Description: Dummy package to satisfy dependencies with aptitude - created by pbuilder
 This package was created automatically by pbuilder to satisfy the
 build-dependencies of the package being currently built.
Depends: debhelper-compat (= 13), dh-python, python3-setuptools, python3-all, python3-pytest, python3-tabulate
dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in '/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'.
Selecting previously unselected package pbuilder-satisfydepends-dummy.
(Reading database ... 16432 files and directories currently installed.)
Preparing to unpack .../pbuilder-satisfydepends-dummy.deb ...
Unpacking pbuilder-satisfydepends-dummy (0.invalid.0) ...
dpkg: pbuilder-satisfydepends-dummy: dependency problems, but configuring anyway as you requested:
 pbuilder-satisfydepends-dummy depends on debhelper-compat (= 13); however:
  Package debhelper-compat is not installed.
 pbuilder-satisfydepends-dummy depends on dh-python; however:
  Package dh-python is not installed.
 pbuilder-satisfydepends-dummy depends on python3-setuptools; however:
  Package python3-setuptools is not installed.
 pbuilder-satisfydepends-dummy depends on python3-all; however:
  Package python3-all is not installed.
 

Re: MESA: error: ZINK: vkCreateInstance failed (VK_ERROR_INCOMPATIBLE_DRIVER)

[Jeroen Ploemen]

On Tue, 12 Mar 2024 09:50:51 +0100 (CET)
PICCA Frederic-Emmanuel
 wrote:

> Hello, I am affected by this error in the autopkgtest of silx[1]
> 
> 487s autopkgtest [22:01:24]: test gui: [---
> 489s MESA: error: ZINK: vkCreateInstance failed
> (VK_ERROR_INCOMPATIBLE_DRIVER) 489s glx: failed to create drisw
> screen 489s failed to load driver: zink
> 493s autopkgtest [22:01:30]: test gui: ---]
> 
> Someone know how to avoid this issue
> 
> the test command is here[2].
> 
> thanks for your help
> 
> [1]
> https://ci.debian.net/packages/s/silx/testing/amd64/43836118/#S12
> [2]
> https://salsa.debian.org/science-team/silx/-/blob/master/debian/tests/gui?ref_type=heads

This affected a pkg of mine as well, and seems to be caused by a
regression in mesa [1]. Long story short, they print messages to
stderr when certain graphics hardware cannot be initialised, even
when that is completely expected (because said hardware simply isn't
present).

For the autopkgtest, you can either wait it out or (temporarily!)
tolerate output on stderr.


[1]https://gitlab.freedesktop.org/mesa/mesa/-/issues/10293


pgpEwZpj0g2GK.pgp
Description: OpenPGP digital signature

Bug#1059233: RFS: python-dbutils/3.0.3-1 [ITP] -- tools for providing connections to a database (Python 3)

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Thu, 21 Dec 2023 18:59:32 +
Dale Richards  wrote:

> I am looking for a sponsor for my package python-dbutils:

hi Dale,

package looks pretty good, with only some minor issues:
* d/python-dbutils-doc.docs: globbing is supported, might want to
  make use of that (docs/*).
* control: 'Testsuite: autopkgtest-pkg-python' is of little use when
  combined with a non-trivial autopkgtest.
* d/tests/control specifies a dependency on python3-pytest, which is
  probably unnecessary as the testsuite runs fine on build without
  it (a cursory glance suggest it only uses stdlib's unittest).
* lintian hit: P: python-dbutils source: trailing-whitespace
  [debian/control:27]

Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.

PS: your domain has its DMARC policy set to 'reject', which is a bad
idea if you're sending mail to mailing lists; 'quarantine' is usually
the better choice.


pgpNKJWYnKRD1.pgp
Description: OpenPGP digital signature

Re: Bug#1051183: RFS: gsimplecal/2.5-1 -- lightweight GUI calendar application

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Mon, 04 Sep 2023 00:44:08 -0300
Hugo Torres  wrote:

> I am looking for a sponsor for my package gsimplecal:

hi Hugo,

some minor issues came up during review:

* copyright: upstream years outdated (only the years for the packaging
  were changed, despite the changelog claiming otherwise).
* lintian: W: gsimplecal: mismatched-override hardening-no-fortify-functions 
usr/bin/gsimplecal [usr/share/lintian/overrides/gsimplecal:2]
  (probably caused by a change in lintian's output format)


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


pgpfLEFo7SLP8.pgp
Description: OpenPGP digital signature

Re: Bug#1050085: RFS: vnstat/2.11-1 -- console-based network traffic monitor

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Sat, 19 Aug 2023 16:56:12 +0200
Christian Göttsche  wrote:

> I am looking for a sponsor for my package vnstat:

hi Christian,

one minor issue:
* copyright: years outdated for upstream only


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


pgppDizlsbrAu.pgp
Description: OpenPGP digital signature

Bug#1042362: RFS: streamlink/6.0.1-1 -- CLI for extracting video streams from various websites to a video player

[Jeroen Ploemen]

Hi Alexis,

thanks for updating the pkg to the latest release. Only one minor
issue came up during review:

* copyright: info for src/streamlink/webbrowser/cdp/connection.py is
  missing; see the notice starting at line 109 of that file.


pgpGV7m9Ty5fW.pgp
Description: OpenPGP digital signature

Re: Indeterministic output of lintian

[Jeroen Ploemen]

On Thu, 29 Dec 2022 16:14:58 +0100
Hilmar Preuße  wrote:

> An override has been added, but the line, which is found to be to
> long seems to move, hence lintian complains or does not complain.
> 
> What do I do?

Use an asterisk (*) as a wildcard in the override, replacing the
details of the lintian hit that you don't really care about (such as
the line number, or the number of bytes on that particular line).


pgpfXdOvUNyg4.pgp
Description: OpenPGP digital signature

Re: Information on RFP - 864795

[Jeroen Ploemen]

On Fri, 16 Dec 2022 12:12:48 +0530
Moksh Pathak  wrote:

> . I am
> interested in taking up this project and learning about Debian
> Package Management. Being a regular user of Debian based Linux
> distributions, I always wanted to extend my contribution to the
> Debian Project. Please let me know if it is up for grabs.

By definition, any RFP should be; if somewhere were working on it,
they should have changed the bug title to signal their intend to
package.

You may want to take a look at [1][2], and join the #debian-mentors
channel on IRC (OFTC).


[1]https://wiki.debian.org/DebianMentorsFaq#How_do_I_make_my_first_package.3F
[2]https://www.debian.org/doc/manuals/maint-guide/start.en.html


pgpmaohVt76ux.pgp
Description: OpenPGP digital signature

Bug#1018110: RFS: hydrapaper/3.3.1-1 [RC] -- Utility that sets background independently for each monitor

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Thu, 25 Aug 2022 15:49:14 -0300
Francisco M Neto  wrote:

> I am looking for a sponsor for my package hydrapaper:

hi Francisco,

took a look but this package doesn't appear ready for uploading:
* changelog: is that bug really fixed just by switching to gtk4?
  There's still no dependency on python3-pil while the program is
  directly importing from that module!
* copyright: missing entry for the appdata xml file (cc0).
* patches: forwarded upstream but the related merge request was
  closed by yourself; why? is the patch still needed?
* watch: multiple empty lines at EOF
* control:
 + short and long description could use an update (upstream describes
   the program as a "Wallpaper manager with multi monitor support";
   mention additional supported desktop environments, etc.)
 + unused build-dep on python3-willow?
 + the build-dep on libwnck-3-dev appears to server no other purpose
   than pulling in the dbus-1 pkgconfig file from libdbus-1-dev; if
   so, you should depend on the latter directly
 + libhandy-1-0 is a hard dependency of gir1.2-handy-1 but not
   imported or linked directly in hydrapaper, so no need to duplicate
   that here
 + gir1.2-handy-1 itself looks isn't used at all in the new upstream
   release so that should go too 
 + ${shlibs:Depends} is pointless for an arch:all Python package
  
Program fails to start (missing dep on something to ensure gi gtk4 is
present, installing gir1.2-gtk-4.0 seems to fix that):
Traceback (most recent call last):
  File "/usr/bin/hydrapaper", line 60, in 
gi.require_version('Gtk', '4.0')
  File "/usr/lib/python3/dist-packages/gi/__init__.py", line 129, in 
require_version
raise ValueError('Namespace %s not available for version %s' %
ValueError: Namespace Gtk not available for version 4.0

Same for adw:
Traceback (most recent call last):
  File "/usr/bin/hydrapaper", line 62, in 
gi.require_version('Adw', '1')
  File "/usr/lib/python3/dist-packages/gi/__init__.py", line 126, in 
require_version
raise ValueError('Namespace %s not available' % namespace)
ValueError: Namespace Adw not available

Probably missing a dependency on python3-dbus too (imported by
hydrapaperd)? And python3-pil as mentioned earlier.

Please at least take a cursory look at upstream code when packaging
major version bumps, and test your packages on a reasonably clean
testing/unstable install before asking for sponsorship.

Consider adding some basic automated testing, as even a trivial
autopkgtest that just calls `hydrapaper --help' would have failed
with errors similar to the ones listed above.


pgptVMPd_yg_F.pgp
Description: OpenPGP digital signature

Bug#1012401: RFS: csoundqt/1.1.0-1 -- frontend for the csound sound processor

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Mon, 6 Jun 2022 15:22:07 +0200
Dennis Braun  wrote:

> I am looking for a sponsor for my package csoundqt:

hi Dennis,

* copyright is missing info for several files:
  bin/win-installer.iss
  src/Examples/CsoundQt/Miscellaneous/Circle_Map.csd
  src/Examples/CsoundQt/Synths/Sruti-Drone_Box.csd

  Note that the license for one of the examples is DFSG-incompatible
  because it carries a non-commercial clause.

* d/csoundqt.lintian-overrides overrides two tags, but the actual
  problem seems to be the presence of a shebang line in the desktop
  file (at line 1). That line shouldn't be there; patching it out
  would make the lintian hits disappear.


Please remove the moreinfo tag (and put me in the CC) once you have
an updated package ready.


pgpO35CCHhAG_.pgp
Description: OpenPGP digital signature

Bug#1010663: RFS: strawberry/1.0.4-1 [ITP] -- Audio player and music collection organizer

[Jeroen Ploemen]

On Fri, 3 Jun 2022 13:08:55 +0100
Peter B  wrote:

> > Aside from the dbus xml stuff: what exactly do you mean by the
> > comment in the GPL-3 license paragraph?  
> I'm confused regarding GPL-3 & GPL-3+. We now have a License
> paragraph for GPL-3 that excludes later versions, but the full text
> in /usr/share/common-licenses/GPL-3
>      https://www.gnu.org/licenses/gpl-3.0.html
> both include it!
 
The full text includes 'or any later version' in two places: first in
paragraph 14, conditional on that being explicitly specified by the
program in question; the other as part of an example or how one could
apply the terms of the GPL. That example is explicitly outside of the
terms and conditions set by the license. So yes, GPL-version-X-only is
very much a thing.

> > I suspect some of the org.freedesktop.*.xml files on the other
> > hand could be based directly on dbus specs [1] or similar generic
> > interface definitions for use with qdbusxml2cpp, possibly
> > autogenerated by qdbus along the lines of:
> > `QT_SELECT=5 qdbus org.freedesktop.Notifications
> > /org/freedesktop/Notifications
> > org.freedesktop.DBus.Introspectable.Introspect`  
> I've created separate Files paragraphs for each group of files.
> 
> (I'm not sure what the impact of auto-generation is on the
> copyright. I notice that in [3], the author is the upstream
> application author, no reference to org.freedesktop)

Typically, output produced by a program isn't itself covered by the
license of said program. Producing a text on a GPL'ed editor doesn't
put that text under the GPL.

For org.freedesktop.Notifications.xml and DBus.ObjectManager, I don't
see much of a reason to assume it originates from some other project;
so those could reasonably fall directly under the default copyright
paragraph for strawberry (i.e., no separate entry needed).

The org.freedesktop.UDisk2.*.xml files should have their own
(collective) entry, as the original for all of the udisk ones seems to
be [1] with David Zeuthen as the sole copyright holder.

Something similar applies to the org.mpris.*.xml (currently missing
from d/copyright), except here the upstream seems to be [2] (debian
copyright file at [3]).

The org.kde.KGlobalAccel.*.xml appear to be based on files in the
kglobalaccel project [4] (debian copyright at [5]) rather than the kde
documentation, please update the entry to reflect that.


Other than that, the shortname for the LGPL-2 license should have a
plus symbol appended to reflect the 'any later version' option, in
line with the standard shortnames documented by [6].


[1]https://github.com/storaged-project/udisks/blob/master/data/org.freedesktop.UDisks2.xml
[2]https://github.com/eonpatapon/mpDris2/blob/5e5cdacea6e55544064f8b10e0b49bbe2aa044d9/src/mpDris2.in.py#L115
[3]https://salsa.debian.org/debian/mpdris2/-/blob/debian/latest/debian/copyright
[4]https://sources.debian.org/src/kglobalaccel/5.94.0-1/src/
[5]https://tracker.debian.org/media/packages/k/kglobalaccel/copyright-5.94.0-1
[6]https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-short-name


pgpNDrFJfBMHg.pgp
Description: OpenPGP digital signature

Bug#1010663: RFS: strawberry/1.0.4-1 [ITP] -- Audio player and music collection organizer

[Jeroen Ploemen]

On Sun, 29 May 2022 11:52:53 +0100
Peter  wrote:

> Updated copyright and reverted to Qt5

Thanks, qt5 seems to be the way to go for now.

Looks like there's an error in the dbus copyright entry though, given
that the file linked in the comment is under LGPL rather than GPL?

And more importantly: the comment only deals with one of the xml
files, but (as far as I can tell) these do not all originate from a
single source. For example, org.kde.KGlobalAccel.*.xml files appear
in the kglobalaccel package; the Udisks stuff might well be based on
[2]; mpris/MediaPlayer2 in turn appears in [3].

I suspect some of the org.freedesktop.*.xml files on the other hand
could be based directly on dbus specs [1] or similar generic interface
definitions for use with qdbusxml2cpp, possibly autogenerated by
qdbus along the lines of:
`QT_SELECT=5 qdbus org.freedesktop.Notifications /org/freedesktop/Notifications 
org.freedesktop.DBus.Introspectable.Introspect`


Aside from the dbus xml stuff: what exactly do you mean by the comment
in the GPL-3 license paragraph?


[1]https://dbus.freedesktop.org/doc/dbus-specification.html
[2]https://salsa.debian.org/utopia-team/udisks2/-/blob/debian/master/data/org.freedesktop.UDisks2.xml
[3]https://sources.debian.org/src/mpdris2/0.9.1-1/src/mpDris2.in.py/#L133


pgpFtV6NvG6A0.pgp
Description: OpenPGP digital signature

Bug#1010663: RFS: strawberry/1.0.4-1 [ITP] -- Audio player and music collection organizer

[Jeroen Ploemen]

Paul, Thomas, thanks for digging up the old reject.

Peter, I did some more digging and found one unresolved copyright
issue from my previous comment as well as some fresh ones:
* copyright holder Pascal Below for various scrobbler-related files
  is still missing
* copyright holder Nick Lanham missing for savedgroupingmanager.cpp;
  note that copyright for both .cpp and .h is shared with Jonas Kvinge
* missing entry for src/core/lazy.h
* as the info for src/dbus/*.xml doesn't seem to exist anywhere in
  the sources, please add a comment field to that paragraph
  explaining what the entry is based on
* the license paragraph for GPL-3 doesn't restrict the version to
  v3 only (other than the shortname suggesting so) and lacks a link
  to the full text of the license on debian systems


I noticed you changed the build to qt6 and while that works fine, it
does seem that at the moment qt5 is very much the standard qt release
in the distribution. A quick comparison using `reverse-depends -b
qt6-tools-dev` vs the same for qttools5-dev showed 6 packages
build-depending on the former and around 300 on the latter. Is there
any particular advantage to using qt6 for strawberry?


Don't worry too much about the reprotest, sometimes these things throw
a tantrum.


pgpV5avB8sCzo.pgp
Description: OpenPGP digital signature

Bug#1010663: RFS: strawberry/1.0.4-1 [ITP] -- Audio player and music collection organizer

[Jeroen Ploemen]

On Thu, 26 May 2022 15:22:09 +0100
Peter  wrote:

> >> I am looking for a sponsor for my package "strawberry":  

> I don't have privilege to set up repositories on Salsa, but would
> like to have one to run CI. Could someone create an empty
> repository for strawberry under debian group?

I've just created https://salsa.debian.org/debian/strawberry and
granted your account maintainer level access.

Once you got that up and running with the CI I'll take another look
at the package.


pgpcsc9O7VNc8.pgp
Description: OpenPGP digital signature

Bug#1011377: RFS: ngraph-gtk/6.09.06-1 -- create scientific 2-dimensional graphs

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Sat, 21 May 2022 18:42:21 +0900 (JST)
Hiroyuki Ito  wrote:

> I am looking for a sponsor for my package ngraph-gtk:

hi Hiroyuki,

A couple of issues:
* copyright:
  + CC0-1.0 is in common-licenses, no need to have the full license
text verbatim in d/copyright
  + src/gettext.h is under LGPL, not GPL
  + missing copyright holders and license info for various files under
src/gtk/* (at least sourcecompletionwords.*, ruler.c)
* control: this combination of build-deps makes no sense: debhelper
  (>= 12.0.0), debhelper-compat (= 13); you probably want to remove
  the (leftover?) debhelper one
* docs: README and NEWS files aren't useful as documentation (the
  former only mentions the project's homepage, already documented in
  the packaging; the latter is but a list of released versions)

Nitpicking:
* changelog: entry about AC_CHECK_FILE concerns an upstream rather
  than a debian packaging change
* rules: could make use dh_bash-completion or "execute_after" instead
  of an override


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


pgpBWKBrbc1p2.pgp
Description: OpenPGP digital signature

Bug#1010663: RFS: strawberry/1.0.4-1 [ITP] -- Audio player and music collection organizer

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Fri, 6 May 2022 13:11:37 +0100
Peter  wrote:

> I am looking for a sponsor for my package "strawberry":

hi Peter,

like pollo, I'm puzzled by the mention on the ITP bug of the package
being in NEW at some point, only to vanish into thin air? Would be
nice to know what happened to it, if only to avoid running into the
same problems. Maybe Thomas would like to chime in on this?


That said, I took a look anyway. Some comments and observations:
- There's an unused manpage in the debian dir, an apparent leftover
  from the earlier packaging effort
- Copyright:
  * missing copyright holder "Pascal Below" (for various
scrobbler-related files)
  * missing info for 3rdparty/macdeployqt
  * wrong license for 3rdparty/SPMediaKeyTap
  * is upstream the sole contributor to the debian packaging?
  * MIT and Expat license definitions appear identical, please use
Expat as the license name throughout and remove the duplicate
  * the content of the license paragraphs for GPL-3 and GPL-3+ is
identical (but obviously shouldn't be)
  * be careful to exclude copyright claims, comments, etc. from the
license paragraphs; i.e. make the definitions for the BSD-style
licenses start at "Redistribution and use..." so they're generic
and re-usable; everything else belongs in the Files paragraphs
- Control:
  * short description shouldn't start with caps
  * hardcoded libsqlite3-0 library dependency should be handled by
${shlibs:Depends} (libqt5sql5-sqlite is only recommended by the
qt sql lib so that one might actually be justified)
  * a slightly newer standards-version out has come out recently
  * VCS: consider setting up a git repo on salsa.debian.org for your
packaging work and enabling the CI there: it's a great quality
control and collaboration tool, and a real timesaver for reviewers
too
- Docs: upstream changelog installed as doc rather than as changelog
  (via dh_installchangelogs)
- Rules: better list those files in d/clean instead of using an
  override
- Upstream/metadata: is a github user page -even that of the lead
  developer- really the best place to contact the upstream project? 
- Watch: unused dversionmangling

- Build: why -fpermissive?

- FHS: according to its manpage, the tagreader binary "is not meant to
  be run on its own"; is /usr/bin really where it should be installed?
  See https://www.debian.org/doc/packaging-manuals/fhs/ (libexec?)

- Lintian: 
  * I: strawberry: desktop-entry-lacks-keywords-entry
usr/share/applications/org.strawberrymusicplayer.strawberry.desktop

- Tests: upstream ships a testsuite; if possible, please run it on
  build and/or deploy it as an autopkgtest


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


pgpASRMPMiV7F.pgp
Description: OpenPGP digital signature

Bug#1010711: RFS: codelite/16.0.0 dfsg2-1 [QA] -- Powerful and lightweight IDE

[Jeroen Ploemen]

On Sat, 07 May 2022 22:29:46 +
Håvard F. Aasen  wrote:

> I am looking for a sponsor for my package "codelite":
>
> [...]
>
> The changes is pushed here [1] since I don't have access to the
> official repo.

Håvard, thanks for your QA work.

I only made a small change to the watch file before uploading (it
hardcoded "dfsg2" in the version mangling), and consequently also
retagged the debian release. I'll push all missing commits from your
fork to the package's standard repo soon so it all appears in the
expected location.


pgpXBPiTOjfFY.pgp
Description: OpenPGP digital signature

Bug#1010642: RFS: streamlink/4.0.1-1 -- CLI for extracting video streams from various websites to a video player

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Thu, 5 May 2022 23:34:43 +0200
Alexis Murzeau  wrote:

> I am looking for a sponsor for my package streamlink for a new

hi Alexis,

the package as published on mentors ftbfs for me, looks like it's
trying to connect to the internet for something to do with intersphinx
(docs/conf.py:110 ?). See log excerpt [1] below.

Other than that, a few observations:
* control: ancient version requirements for python, requests, and
  pycountry are always met (even in oldstable);
* vcs: consider enabling the CI on Salsa, and pushing changes to
  git before asking for sponsorship - it's a useful quality control
  tool and a nice timesaver for reviewers too.


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


[1] Tail of buildlog:
tests/utils/test_module.py ..[ 96%]
tests/utils/test_named_pipe.py ..[ 96%]
tests/utils/test_parse.py    [ 96%]
tests/utils/test_times.py .. [ 96%]
tests/utils/test_url.py ...

== 4592 passed, 31 skipped in 28.52s ===
   create-stamp debian/debhelper-build-stamp
   dh_testroot -O--buildsystem=pybuild
   dh_prep -O--buildsystem=pybuild
   debian/rules override_dh_auto_install
make[1]: Entering directory '/build/streamlink-4.0.1'
LC_ALL=C.UTF-8 LANGUAGE=C.UTF-8 PYTHONPATH=/build/streamlink-4.0.1/src make 
--directory=docs html man
make[2]: Entering directory '/build/streamlink-4.0.1/docs'
sphinx-build -b html -d _build/doctrees  -W . _build/html
Running Sphinx v4.5.0
making output directory... done
loading intersphinx inventory from 
https://docs.python-requests.org/en/stable/objects.inv...

Warning, treated as error:
failed to reach any of the inventories with the following issues:
intersphinx inventory 'https://docs.python-requests.org/en/stable/objects.inv' 
not fetchable due to : 
HTTPSConnectionPool(host='docs.python-requests.org', port=443): Max retries 
exceeded with>
make[2]: *** [Makefile:45: html] Error 2
make[2]: Leaving directory '/build/streamlink-4.0.1/docs'
make[1]: *** [debian/rules:14: override_dh_auto_install] Error 2
make[1]: Leaving directory '/build/streamlink-4.0.1'
make: *** [debian/rules:10: binary] Error 2
dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2
I: copying local configuration
E: Failed autobuilding of package
I: unmounting dev/pts filesystem
I: unmounting dev/shm filesystem
I: unmounting proc filesystem
I: unmounting sys filesystem
I: cleaning the build env
I: removing directory /var/cache/pbuilder/build//33402 and its subdirectories


pgphvNL9kTBnw.pgp
Description: OpenPGP digital signature

Bug#1009247: RFS: importlab/0.7-1 [ITP] -- Library to calculate Python dependency graphs

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Sun, 10 Apr 2022 02:36:55 +0500
Lev Borodin  wrote:

> I am looking for a sponsor for my package importlab:

hi Lev,

as mentioned on irc, really solid work! A few comments and
suggestions:

Copyright:
* incorrect year for the upstream copyright (sources mention 2017);
* please use standard license shortnames (missing dash, see [1]);
* the standalone license paragraph should include the license headers
  instead of just a  oneliner.

Rules:
consider using debian/clean respectively execute_before_dh_installman
instead of the two overrides. This would make the rules file even
easier to read and avoid the repeated hardcoding of the buildsystem.

Tests: the upstream testsuite looks very usable as a non-trivial
autopkgtest (replacing the trivial autopkgtest-pkg-python). The
general approach for a python package such as this is to copy the
tests and testdata to an empty directory, then loop over all
supported python versions; see [2] for a well written example.

And lastly, please enable the CI on salsa: it's a great quality
control tool and a real timesaver for reviewers too.

[1] 
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-short-name
[2] https://sources.debian.org/src/pyliblo/0.10.0-5/debian/tests/


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


pgpwdTJ0O7QxM.pgp
Description: OpenPGP digital signature

Bug#1008790: RFS: tango-icon-theme/0.8.90-9 [ITA] -- Tango icon library

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Fri, 01 Apr 2022 17:34:09 +
Matteo Bini  wrote:

> I am looking for a sponsor for my package tango-icon-theme:

hi Matteo,

the package as uploaded to mentors fails to build from source. Maybe
the time has come to convert it to the dh sequencer?

Tail of the buildlog:
```
I: Running cd /build/tango-icon-theme-0.8.90/ && env 
PATH="/usr/sbin:/usr/bin:/sbin:/bin" HOME="/nonexistent" dpkg-buildpackage -us 
-uc 
dpkg-buildpackage: info: source package tango-icon-theme
dpkg-buildpackage: info: source version 0.8.90-9
dpkg-buildpackage: info: source distribution unstable
dpkg-buildpackage: info: source changed by Matteo Bini 

 dpkg-source --before-build .
dpkg-buildpackage: info: host architecture amd64
 debian/rules clean
test -x debian/rules
rm -f debian/stamp-makefile-build debian/stamp-makefile-install
GCONF_DISABLE_MAKEFILE_SCHEMA_INSTALL=1 /usr/bin/make -C . -k distclean
make[1]: Entering directory '/build/tango-icon-theme-0.8.90'
make[1]: *** No rule to make target 'distclean'.
make[1]: Leaving directory '/build/tango-icon-theme-0.8.90'
make: [/usr/share/cdbs/1/class/makefile.mk:91: makefile-clean] Error 2 (ignored)
rm -f debian/stamp-autotools
rmdir --ignore-fail-on-non-empty .
rmdir: failed to remove '.': Invalid argument
make: [/usr/share/cdbs/1/class/autotools.mk:64: makefile-clean] Error 1 
(ignored)
set -e;
dh_clean 
rm -f debian/stamp-autotools-files
cd "." && rm -f intltool-extract intltool-merge intltool-update 
po/.intltool-merge-cache
 dpkg-source -b .
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building tango-icon-theme using existing 
./tango-icon-theme_0.8.90.orig.tar.gz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: building tango-icon-theme in 
tango-icon-theme_0.8.90-9.debian.tar.xz
dpkg-source: info: building tango-icon-theme in tango-icon-theme_0.8.90-9.dsc
 debian/rules binary
test -x debian/rules
dh_testroot
dh_clean -k 
dh_clean: warning: The -k option is not supported in compat 12; use dh_prep 
instead
dh_clean: error: This feature was removed in compat 12.
make: *** [/usr/share/cdbs/1/rules/debhelper.mk:215: 
common-install-prehook-impl] Error 25
dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2
I: copying local configuration
E: Failed autobuilding of package
I: unmounting dev/pts filesystem
I: unmounting proc filesystem
I: unmounting sys filesystem
I: cleaning the build env 
I: removing directory /var/cache/pbuilder/build//54322 and its subdirectories
```


pgpTyykAKUzTs.pgp
Description: OpenPGP digital signature

Bug#996410: RFS: smplayer/21.8.0-1 -- Complete front-end for MPlayer and mpv

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Wed, 13 Oct 2021 21:18:34 +0200
Mateusz Łukasik  wrote:

> I am looking for a sponsor for my package smplayer:

hi Mateusz,

changelog: '~ds0' is missing from the version, although the upstream
tarball is being repacked same as before.

upstream/metadata: obsolete field removed by a janitor commit isn't
actually gone (change overwritten in a subsequent git merge?).

The package FTBFS when build twice in a row. Build log excerpt:
"""
dpkg-source: info: local changes detected, the modified files are:
 smplayer-21.8.0/version
dpkg-source: error: aborting due to unexpected upstream changes
"""

Lintian detects various spelling errors:
I: smplayer: spelling-error-in-binary usr/bin/smplayer "allows to"
I: smplayer: spelling-error-in-binary usr/bin/smplayer Addd
I: smplayer: spelling-error-in-binary usr/bin/smplayer abitrate


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


pgp2pU0xlH7Es.pgp
Description: OpenPGP digital signature

Bug#995645: RFS: python-certbot-dns-standalone/1.0.3-1 [ITP] -- Standalone DNS plugin for Certbot with an integrated DSN server

[Jeroen Ploemen]

On Tue, 12 Oct 2021 11:56:27 +0300
Linus Vanas  wrote:

> I did CC this RFS to the team email but I don't know how to contact
> them otherwise. The package however seems to naturally belong under
> the team.

I agree; many if not all certbot packages are already maintained
there. I don't know of any mailing list or irc hideout for that team,
so probably best you try contacting the owners directly to bring the
package under the team umbrella.

I'll hold off the upload for the time being.


pgpRZBBctL0EQ.pgp
Description: OpenPGP digital signature

Bug#995645: RFS: python-certbot-dns-standalone/1.0.3-1 [ITP] -- Standalone DNS plugin for Certbot with an integrated DSN server

[Jeroen Ploemen]

On Mon, 11 Oct 2021 23:08:16 +0300
Linus Vanas  wrote:

> Lintian in unstable is unhappy due to #995490, but otherwise the
> package should be clean now.

That look like a lintian issue more than anything else, best to wait
until the dust settles.

One other thing though: the maintainer is set to the Let's Encrypt
team, but their git repo [1] isn't used nor do you appear to be a
member [2]. Care to elaborate? Are you in contact with the team?


[1] https://salsa.debian.org/letsencrypt-team
[2] https://salsa.debian.org/groups/letsencrypt-team/-/group_members


pgp1odj0UGLOP.pgp
Description: OpenPGP digital signature

Bug#995645: RFS: python-certbot-dns-standalone/1.0.3-1 [ITP] -- Standalone DNS plugin for Certbot with an integrated DSN server

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Sun, 3 Oct 2021 18:24:34 +0300
Linus Vanas  wrote:

> I am looking for a sponsor for my package
> python-certbot-dns-standalone:

hi Linus,

The package doesn't build or install any documentation, although
upstream provides both sphinx docs and a readme file. End users
would definitely benefit from having those available to them.

Lintian identified a minor issue:
  * P: python-certbot-dns-standalone source: trailing-whitespace
debian/changelog (line 3)

Control:
  * Typo in short description? ("dsn")
  * Upstream's very own description of their project ("Standalone DNS
Authenticator plugin for Certbot") looks like a prefect short
description. Implementation details such as an integrated dns
server can go in the long description.

Watch:
  * The uversionmangle seems pointless as it doesn't match any
version ever tagged/released by upstream.

And lastly, please enable the CI on salsa. It is a most useful
quality control tool, and a significant time saver for reviewers too.


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


pgplzidvTebDh.pgp
Description: OpenPGP digital signature

Bug#995591: RFS: minidb/2.0.5-2 -- simple SQLite3-based store for Python objects

[Jeroen Ploemen]

On Mon, 4 Oct 2021 21:19:28 +0200
Maxime Werlen  wrote:

> Is it really interresting to keep such basic test ? It doesn't test
> anything not already tested by upstream tests. Will it not be
> simpler to throw them away ?

In that case, doing away with this particular autopkgtest is indeed a
valid option. My initial review already hinted at the possibility too.


pgptSaXV8S4F3.pgp
Description: OpenPGP digital signature

Bug#995591: RFS: minidb/2.0.5-2 -- simple SQLite3-based store for Python objects

[Jeroen Ploemen]

On Mon, 4 Oct 2021 11:23:26 +0200
Maxime Werlen  wrote:

> A new package has been uploaded to mentors.
> I hope I've done it correctly :)

Close :)

For the import.py autopkgtest, just adding "python3-all" to the test
dependencies doesn't cause it to be run against all supported python3
versions - unlike on build where the dh sequencer combined with its
python3 addon handles that for you.

So that autopkgtest actually needs modification to loop over all
supported python3 versions. The easiest way to do this is with a shell
script mimicking the actions of the upstream-tests script, only this
time to run 'import.py'.


pgpXF_OeZKKuG.pgp
Description: OpenPGP digital signature

Bug#995591: RFS: minidb/2.0.5-2 -- simple SQLite3-based store for Python objects

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Sat, 02 Oct 2021 20:41:32 +0200
Maxime Werlen  wrote:

> Package: sponsorship-requests
> Severity: normal
> 
> Dear mentors,
> 
> I am looking for a sponsor for my package "minidb":

hi Maxime,

The package is not lintian clean:
  E: minidb source: missing-build-dependency-for-dh-addon python3 => 
python3:any | python3-all:any | python3-dev:any | python3-all-dev:any | 
dh-sequence-python3

Control:
  The ancient version requirement on the python3 build-dep is always
  satisfied, please remove.

Tests:
  Consider using the upstream testsuite (currently only run during
  build) as autopkgtest. Be sure to copy the tests out of the source
  dir and to loop over all supported python3 versions; there's plenty
  of packages on the python team repo that can serve as examples,
  including [1].
  The current 'import.py' is rather basic in comparison, doesn't test
  against all supported versions and should probably be marked
  "superficial" - if at all retained.


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


[1] 
https://salsa.debian.org/python-team/packages/puremagic/-/tree/master/debian/tests


pgpVZZFTVTU5s.pgp
Description: OpenPGP digital signature

Bug#993499: RFS: python-marshmallow-polyfield/5.10-1 -- marshmallow extension for polymorphic fields

[Jeroen Ploemen]

On Fri, 17 Sep 2021 14:09:54 +0200
"Diego M. Rodriguez"  wrote:

> On Fri, 17 Sep 2021 11:30:24 +0200 Jeroen Ploemen 
> wrote:
> > In that case, for lack of a better option, the upstream git commits
> > could serve as a basis for the years.  
> 
> Noted - in this instance, 2015 is also the date of the initial git
> commit in the upstream repo. Could you let me know if your mention of
> "years" implies also declaring the year of the last commit for this
> release in d/copyright (ie. 2015-2021)?

It does. Copyrights have expiry dates too, so the most recent year matters.


pgpR1HPBTUVmN.pgp
Description: OpenPGP digital signature

Bug#993460: RFS: python-jellyfish/0.8.8-1 -- Library for approximate and phonetic matching of strings

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Wed, 1 Sep 2021 19:09:54 +0200
"Diego M. Rodriguez"  wrote:

> Package: sponsorship-requests
> Severity: normal
> 
> Dear mentors,
> 
> I am looking for a sponsor for my package "python-jellyfish":

hi Diego,

copyright:
 * various copyright holders listed in d/copyright don't have their names
   appear anywhere in the sources. Please refresh and/or add comment
   fields detailing what the affected entries are based on.
 * upstream email address is outdated.

rules:
 * docs are always build, regardless of build profile. Please add a check
   to avoid running the sphinx commands for the 'nodoc' profile.
 * why not enable all hardening?

Package ftbfs when build twice in a row (missing d/clean entries?).
Excerpt from the build log:
 dpkg-source: info: local changes detected, the modified files are:
 python-jellyfish-0.8.8/jellyfish.egg-info/PKG-INFO
 python-jellyfish-0.8.8/jellyfish.egg-info/SOURCES.txt


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


pgpRi_0VJb1ex.pgp
Description: OpenPGP digital signature

Bug#993499: RFS: python-marshmallow-polyfield/5.10-1 -- marshmallow extension for polymorphic fields

[Jeroen Ploemen]

On Fri, 17 Sep 2021 10:53:40 +0200
"Diego M. Rodriguez"  wrote:

> > copyright: where does the 2015 upstream copyright year come from?  
> 
> I think it was added during the initial packaging based on the year of
> the first upstream public release, but indeed there is no explicit
> mention of 2015 in the upstream sources. I have added a comment to
> d/copyright, but I'm not sure if this is the best approach - any
> guidance would be welcome.

In that case, for lack of a better option, the upstream git commits could
serve as a basis for the years.


pgptJxYXe4pcW.pgp
Description: OpenPGP digital signature

Bug#993499: RFS: python-marshmallow-polyfield/5.10-1 -- marshmallow extension for polymorphic fields

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Thu, 2 Sep 2021 11:09:06 +0200
"Diego M. Rodriguez"  wrote:

> Package: sponsorship-requests
> Severity: normal
> 
> Dear mentors,
> 
> I am looking for a sponsor for my package
> "python-marshmallow-polyfield":

copyright: where does the 2015 upstream copyright year come from?

control:
  * why hardcode the dependency on python3-marshmallow for the binary pkg?
  * the build-dep on the same also seems unneeded (at least unless/until
tests are re-enabled, see watch)

watch: consider using github for upstream releases, as the files
published there include the upstream testsuite missing on pypi. And then
put those tests to good use, of course :)


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


pgpVL1CbIZy7Z.pgp
Description: OpenPGP digital signature

Bug#990235: RFS: python-pylatexenc/2.10-1 [ITP] -- Simple LaTeX parser providing conversion to/from unicode

[Jeroen Ploemen]

Control: tags -1 moreinfo

On Wed, 23 Jun 2021 18:05:05 +0200
"Diego M. Rodriguez"  wrote:

> Package: sponsorship-requests
> Severity: wishlist
> 
> Dear mentors,
> 
> I am looking for a sponsor for my package "python-pylatexenc":

Hi Diego,

this package looks quite nice overall, and I like that you've put the
salsa CI features to good use too. Couple of questions and (mostly easily
fixable) issues though:

* The lintian hits on the binary pkg deserve an override:
  X: python3-pylatexenc: application-in-library-section python 
usr/bin/latexwalker usr/bin/latexencode usr/bin/latex2text
  X: python3-pylatexenc: library-package-name-for-application 
usr/bin/latexwalker usr/bin/latexencode usr/bin/latex2text

* Changelog: just the 'Initial release' line closing the ITP bug will do
  for a new package. That will probably also stop mentors from
  complaining about "Package closes bugs in a wrong way".

* Control: why the old compat level 12?

* Copyright: I did initially have my doubts about _uni2latexmap_xml.py
  being subject to both Expat and W3C, but looking at -legal you did your
  homework there and came to a reasonable conclusion.
* Copyright: there's no mention of any copyright later than 2019 held by
  Philippe Faist, yet grepping the upstream sources shows entries as
  recent as 2021 for that person.

* Rules: what is the override of dh_auto_clean trying to achieve?
* Rules: the help2man target seems to require an installed package in
  order to succeed. Any way to make this work with just the extracted
  source package? If not, a comment documenting the requirement would be
  useful.

* Tests: please add non-trivial autopkgtests, based on the upstream
  testsuite. Be sure to copy the tests out of the source dir and to loop
  over all supported python3 versions; there's plenty of packages on the
  python team repo that can serve as examples, including [1].


Please remove the moreinfo tag (and CC me directly) once you have an
updated package ready.


[1] 
https://salsa.debian.org/python-team/packages/puremagic/-/tree/master/debian/tests


pgpQllpwTG1aG.pgp
Description: OpenPGP digital signature

Bug#985216: RFS: sabnzbdplus/2.3.6+dfsg-1+deb10u1 -- web-based binary newsreader with nzb support

[Jeroen Ploemen]

Package: sponsorship-requests
Severity: normal
X-Debbugs-CC: debian-pyt...@lists.debian.org

Dear mentors,

Note that this update has been approved by the stable release managers,
see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984604

I am looking for a sponsor for my package "sabnzbdplus":
 * Package name: sabnzbdplus
   Version : 2.3.6+dfsg-1+deb10u1
   Upstream Author : SABnzbd Team
 * URL : https://sabnzbd.org
 * License : GPL-2+ and others
 * Vcs : 
https://salsa.debian.org/python-team/applications/sabnzbdplus
   Section : contrib/net

It builds those binary packages:

  sabnzbdplus - web-based binary newsreader with nzb support

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/sabnzbdplus/

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/contrib/s/sabnzbdplus/sabnzbdplus_2.3.6+dfsg-1+deb10u1.dsc

Changes since the last upload:

 sabnzbdplus (2.3.6+dfsg-1+deb10u1) buster; urgency=medium
 .
   * Backport upstream security fixes to prevent code execution from
 the program's web interface through crafted settings.
 (CVE-2020-13124)

Regards,
-- 
  jcfp


pgp0HuPOzkUxh.pgp
Description: OpenPGP digital signature

Bug#979433: RFS: sabnzbdplus/3.1.1+dfsg-2 [RC] -- web-based binary newsreader with nzb support

[Jeroen Ploemen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "sabnzbdplus":

 * Package name: sabnzbdplus
   Version : 3.1.1+dfsg-2
   Upstream Author : The SABnzbd-Team 
 * URL : https://sabnzbd.org
 * License : GPL-2+ and others
 * Vcs : https://salsa.debian.org/python-team/packages/sabnzbdplus
   Section : contrib/net

It builds those binary packages:

  sabnzbdplus - web-based binary newsreader with nzb support

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/sabnzbdplus/

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/contrib/s/sabnzbdplus/sabnzbdplus_3.1.1+dfsg-2.dsc

Changes since the last upload:

 sabnzbdplus (3.1.1+dfsg-2) unstable; urgency=medium
 .
   [ JCF Ploemen (jcfp) ]
   * Tests: adjust syntax of pytest call. (Closes: #979300)
 .
   [ Sandro Tosi ]
   * Use the new Debian Python Team contact name and address


Thanks!


pgpg2jSCtJZq5.pgp
Description: OpenPGP digital signature