Source: python-logfury Version: 0.1.2-4 Severity: serious Justification: ftp-master autoreject ruling
Hi, Your package has an autopkgtest, awesome. However, I noticed that it tries to install Python code using pip. Running downloaded code from internet is not allowed in the Debian archive; see the ftp-masters autoreject list [1], so this must be prevented. Note that the download is only tried with the latest upload of check-manifest, so this seems to be a fallback mechanism which should be turned off. Downloading data seems to be allowed, but please add a needs-internet restriction in that case. Your autopkgtest seems to need an update for check-manifest, that's how I discovered this issue. If this is an issue with check-manifest, please clone this issue and reassign one of the two. Paul [1] https://ftp-master.debian.org/REJECT-FAQ.html [Non-Main II] https://ci.debian.net/data/autopkgtest/testing/amd64/p/python-logfury/8443183/log.gz autopkgtest [11:55:16]: test command1: [----------------------- [*] testing on python3.8: running nosetests running egg_info creating src/logfury.egg-info writing src/logfury.egg-info/PKG-INFO writing dependency_links to src/logfury.egg-info/dependency_links.txt writing requirements to src/logfury.egg-info/requires.txt writing top-level names to src/logfury.egg-info/top_level.txt writing manifest file 'src/logfury.egg-info/SOURCES.txt' reading manifest file 'src/logfury.egg-info/SOURCES.txt' reading manifest template 'MANIFEST.in' writing manifest file 'src/logfury.egg-info/SOURCES.txt' WARNING: The pip package is not available, falling back to EasyInstall for handling setup_requires/test_requires; this is deprecated and will be removed in a future version. Searching for build>=0.1 Reading https://pypi.org/simple/build/ Download error on https://pypi.org/simple/build/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1124) -- Some packages may not be found! Couldn't find index page for 'build' (maybe misspelled?) Scanning index of all packages (this may take a while) Reading https://pypi.org/simple/ Download error on https://pypi.org/simple/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1124) -- Some packages may not be found! No local packages or working download links found for build>=0.1 error: Could not find suitable distribution for Requirement.parse('build>=0.1') autopkgtest [11:55:17]: test command1: -----------------------]
signature.asc
Description: OpenPGP digital signature