Hi Simon-- On 04/01/2013 04:52 PM, Simon Fondrie-Teitler wrote:
> In anticipation of mediagoblin needing itsdangerous starting with the > next release, I've created a package for itsdangerous. I've uploaded it > here: https://mentors.debian.net/package/python-itsdangerous This packaging looks very good -- simple and clean :) I'm happy to go ahead and upload it as-is if you want me to. Reading it makes me curious about 3 questions (none of them blockers), 2 of which are about upstream. out of curiosity: 0) Licensing: itsdangerous.py says: :license: BSD, see LICENSE for more details. but there is no LICENSE file that i can see. I think the intent here (and in setup.py) is pretty clear, but i'm not sure where you got the specifics of debian/copyright from. Were you in touch with upstream about which BSD license they prefer? Or are you extrapolating from the django codebase some of this descends from? I'm willing to upload because i think upstream's intent is clear, but ultimately it will be up to the ftp-masters to make the call about whether to allow this through the NEW queue, and having a clear story to tell about the licensing might be helpful if there is any hiccup at that stage. 1) Origin: there seem to be multiple sources for this code. debian/watch suggests fetching it from pypi.org; debian/copyright says Source: https://github.com/mitsuhiko/itsdangerous (and setup.py appears to agree), and debian/control says Homepage: http://pythonhosted.org/itsdangerous/ -- these can all be legitimate sources for the code, but i'm curious how they relate to each other upstream. 2) Maintainership: your package lists you personally as the Maintainer: in debian/control. This is fine, but i'm also wondering whether you want the backup of the python-modules-team backup or not. If you want to do this maintenance as part of the python-modules-team, you could join the team on alioth [0], we could list you as Uploader: and put the team in the Maintainer: field. Putting the package under team maintainership might be a little more work now (e.g. setting up an alioth account, deciding whether to integrate with team revision control, etc) and you can always ask folks for help and advice here whether the package is directly listed for the team or otherwise. And of course, this isn't a now-or-never decision; you can always decide to join the team later if you like, and move your projects under its umbrella whenever it makes sense to you. So anyway, please let me know if you want me to upload the current version as-is, or if you want to talk further about any of the questions above. Thanks for your packaging work for debian! --dkg [0] https://alioth.debian.org/projects/python-modules/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Python-modules-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
