在 2026/2/17 13:39, Faidon Liambotis 写道:
I remember the (Python) Team had the conclusion that pypi was not the
preferred point for retrieving source code, and the actual upstream source
code repository (GitHub in this case) should be used whenever possible.
This is exactly what I did in https://salsa.debian.org/fonts-team/uharfbuzz/ .
It's a minor point, but I was not aware of that -- do you happen to have
a reference? In any case...
Looks like there isn't a good reference. There are some discussion like
https://lists.debian.org/debian-python/2023/09/msg00005.html , which raises
valid points that still applies today. Using pypi source tarball is still
fine, but unnecessary artifacts could often be a trouble.
2) I also stripped the tarball from the pregenerated Cython code
(src/uharfbuzz/_harfbuzz.cpp, src/uharfbuzz/_harfbuzz_test.cpp) through
Files-Excluded, as well as debian/clean.
Repacking will not be necessary if we directly take the upstream source
code from GitHub.
...that's a pretty good reason to fetch from GitHub instead of PyPI,
indeed!
All fonts in uharfbuzz are test data, and are not shipped to the end
user anyway. In this case, I don't think we should bother pursuing
the preferred source of modification with patches since they do not
affect our delivered .deb file in any way. On the other hand, preserving
upstream unit tests ensures quality test in post-build tests and
autopkgtest. As a result, I did not repack to strip the font files,
but opted to document the full license of test data. Let's see what
the DFSG Team may say about it.
I understand the reasoning (you even identified a real failure through
those tests, that I didn't). I also understand that it comes down on how
pedantic you want to be with the DFSG.
Note however https://github.com/harfbuzz/uharfbuzz/issues/234 -- I don't
think we have the full license for all fonts, sadly.
At least these info from the github issue should be included in a follow-up
upload.
Thanks,
Boyuan
