Re: RFS: pcapy/0.11.3-1 [ITA]
On Wednesday, August 29 2018, eamanu wrote: > Hello Sergio, > > I made the changes! Thanks. Did you build the package and run lintian against it, using "-EI --pedantic" (you can use "-i" if you want more information about each warning/info tag)? I can't reply in more detail right now, but you must fix the lintian warnings. I'll try to do an in-depth review tomorrow/Friday. Thanks, -- Sergio GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36 Please send encrypted e-mail if possible http://sergiodj.net/ signature.asc Description: PGP signature
Re: RFS: pcapy/0.11.3-1 [ITA]
Hi Emmanuel, Sorry, you still have to fix a few things before the package is ready for upload. We're almost there; don't give up! On Tuesday, August 21 2018, eamanu wrote: > No problem. However, the "License:" still doesn't reflect the license >> of the software. According to LICENSE: >> >> We provide this software under a slightly modified version of the >> Apache Software License. The only changes to the document were the >> replacement of "Apache" with "Pcapy" and "Apache Software Foundation" >> with "CORE Security Technologies". Feel free to compare the resulting >> document to the official Apache license. >> >> The `Apache Software License' is an Open Source Initiative Approved >> License. >> >> Therefore, I think a better value for the field would be: >> >> License: Apache with Pcapy modifications >> > > Ready! Thanks. The "License:" must be the same in both places, though. Here: Files: * Copyright (C) 2014 CORE Security Technologies . License: Apache Software License with Pcapy modifications and here: License: Apache with Pcapy modifications We provide this software under a slightly modified version of the ... It's OK to use "Apache with Pcapy modifications" in both places. >> I see that the contributions under the debian/ directory are released >> under GPL-3+. That's absolutely fine (I am a GPL advocate as well). >> However, I must warn you that the Debian patches will also be released >> under this license, which may be problematic if/when you decide to >> upstream them. But I understand this is the current situation anyway. >> You may want to try to contact Arnaud Fontaine and ask him if he's OK >> with changing the license to Apache in the future. >> > > Ok. I will contact Arnaud Fontaine to ask about it. I think it's ok for > now. In the next release of package I can update this field. Great. It's OK for now, indeed. > Thanks, but what you did is incomplete. In order to create a new >> package, you have to create an entry for it on d/control. What you did >> (add ${python3:Depends} to python-pcapy's Depends) is wrong because >> you're basically pulling Python 3 dependencies for a Python 2 package. >> Please have a look at other packages under them DPMT and check their >> d/control; you will find many examples of how to create Python 3 >> packages. >> > > Ready! Thanks, that's better, but there are still a few things that need fixing. 1) It's a good practice to explicitly say if the package is a Python 2 or Python 3 module. We do that by suffixing the short description with "(Python X)" (where X is 2 or 2), and by appending "This package installs the library for Python X." to the long description. Like this: Package: python-pcapy Architecture: any Depends: ${python:Depends}, ${shlibs:Depends}, ${misc:Depends} Recommends: python-impacket Description: Python interface to the libpcap packet capture library (Python 2) Pcapy is a Python extension module that interfaces with the libpcap packet capture library. . Pcapy enables Python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets. . This package installs the library for Python 2. 2) You don't need to specify "Provides:". Please remove them from both packages. As a last note, it seems that you forgot to push the "upstream" and "pristine-tar" branches, so I can't really build the package locally here. Please do that. Thanks, -- Sergio GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36 Please send encrypted e-mail if possible http://sergiodj.net/ signature.asc Description: PGP signature
Re: RFS: pcapy/0.11.3-1 [ITA]
Hello Sergio, No problem. However, the "License:" still doesn't reflect the license > of the software. According to LICENSE: > > We provide this software under a slightly modified version of the > Apache Software License. The only changes to the document were the > replacement of "Apache" with "Pcapy" and "Apache Software Foundation" > with "CORE Security Technologies". Feel free to compare the resulting > document to the official Apache license. > > The `Apache Software License' is an Open Source Initiative Approved > License. > > Therefore, I think a better value for the field would be: > > License: Apache with Pcapy modifications > Ready! > Also, please remove the "All rights reserved." text here: > > Copyright (C) 2003-2011 CORE Security Technologies . > >All rights reserved. > Ready! > Oh, and please fix the years. Nowhere in the code I see "2003-2011". > Doing a basic grep, I see that the year should be 2014. > Ready > > I see that the contributions under the debian/ directory are released > under GPL-3+. That's absolutely fine (I am a GPL advocate as well). > However, I must warn you that the Debian patches will also be released > under this license, which may be problematic if/when you decide to > upstream them. But I understand this is the current situation anyway. > You may want to try to contact Arnaud Fontaine and ask him if he's OK > with changing the license to Apache in the future. > Ok. I will contact Arnaud Fontaine to ask about it. I think it's ok for now. In the next release of package I can update this field. Thanks, but what you did is incomplete. In order to create a new > package, you have to create an entry for it on d/control. What you did > (add ${python3:Depends} to python-pcapy's Depends) is wrong because > you're basically pulling Python 3 dependencies for a Python 2 package. > Please have a look at other packages under them DPMT and check their > d/control; you will find many examples of how to create Python 3 > packages. > Ready! Thanks for your help! Regards! -- Arias Emmanuel https://www.linkedin.com/in/emmanuel-arias-437a6a8a http://eamanu.com
Re: RFS: pcapy/0.11.3-1 [ITA]
On Saturday, August 11 2018, eamanu wrote: > Hello Sergio! > > Thanks for your comments! No problem, and sorry for the delay. > 1) On d/copyright, the license specified for the project is wrong. >> According to the LICENSE file, the project is released under a slightly >> modified version of the Apache license. This is something really >> important to get right, otherwise the ftp-masters will certainly reject >> the package. You listed the license as being "GPL-2", but the text is >> clearly not GPL-2. >> >> Ohh!!! Sorry I saw the old d/copyright file to do this. No problem. However, the "License:" still doesn't reflect the license of the software. According to LICENSE: We provide this software under a slightly modified version of the Apache Software License. The only changes to the document were the replacement of "Apache" with "Pcapy" and "Apache Software Foundation" with "CORE Security Technologies". Feel free to compare the resulting document to the official Apache license. The `Apache Software License' is an Open Source Initiative Approved License. Therefore, I think a better value for the field would be: License: Apache with Pcapy modifications Also, please remove the "All rights reserved." text here: Copyright (C) 2003-2011 CORE Security Technologies . All rights reserved. Oh, and please fix the years. Nowhere in the code I see "2003-2011". Doing a basic grep, I see that the year should be 2014. > 2) Still on d/copyright: as said above, the GPL-2 license is wrong. >> However, I think it's also important to mention that the license text is >> formatted in a strange/wrong manner. You have text like this: >> >> [...] >> Redistribution and use in source and binary forms, with or without >>modification, are permitted provided that the following conditions >>are met: >> >>1. Redistributions of source code must retain the above >> [...] >> >> The correct format for d/copyright is to indent the text using 1 space, >> and to use . (dot) for blank lines. Like this: >> >> [...] >> Redistribution and use in source and binary forms, with or without >> modification, are permitted provided that the following conditions >> are met: >> . >> 1. Redistributions of source code must retain the above >> [...] >> > > > Ready! Thanks. I see that the contributions under the debian/ directory are released under GPL-3+. That's absolutely fine (I am a GPL advocate as well). However, I must warn you that the Debian patches will also be released under this license, which may be problematic if/when you decide to upstream them. But I understand this is the current situation anyway. You may want to try to contact Arnaud Fontaine and ask him if he's OK with changing the license to Apache in the future. >> >> 3) The package uses a *really* old version of debhelper (version 5!). >> We're at version 11 already, so you should update both d/compat and >> d/control (i.e., depend on debhelp >= 11) to reflect that. >> > > Ready! Thanks. >> >> 4) You haven't addressed my comment about building a Python 3 package. >> IMO you should really do that; lintian will warn you if you don't. >> > > Yes, I forgot do that! Sorry! Thanks, but what you did is incomplete. In order to create a new package, you have to create an entry for it on d/control. What you did (add ${python3:Depends} to python-pcapy's Depends) is wrong because you're basically pulling Python 3 dependencies for a Python 2 package. Please have a look at other packages under them DPMT and check their d/control; you will find many examples of how to create Python 3 packages. >> >> 5) You haven't answered my question about why the package has "Suggests: >> doc-base". It seems to be a relic from this very old debhelper; I think >> you can safely remove it. >> > > Yes, I remove it. Since I do not have much knowledge about doc-base and why > it is there, I left it. But now is removed. Thanks, -- Sergio GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36 Please send encrypted e-mail if possible http://sergiodj.net/ signature.asc Description: PGP signature
Re: RFS: pcapy/0.11.3-1 [ITA]
Hello Sergio! Thanks for your comments! I fix the problems that you say me. Please check it 1) On d/copyright, the license specified for the project is wrong. > According to the LICENSE file, the project is released under a slightly > modified version of the Apache license. This is something really > important to get right, otherwise the ftp-masters will certainly reject > the package. You listed the license as being "GPL-2", but the text is > clearly not GPL-2. > > Ohh!!! Sorry I saw the old d/copyright file to do this. 2) Still on d/copyright: as said above, the GPL-2 license is wrong. > However, I think it's also important to mention that the license text is > formatted in a strange/wrong manner. You have text like this: > > [...] > Redistribution and use in source and binary forms, with or without >modification, are permitted provided that the following conditions >are met: > >1. Redistributions of source code must retain the above > [...] > > The correct format for d/copyright is to indent the text using 1 space, > and to use . (dot) for blank lines. Like this: > > [...] > Redistribution and use in source and binary forms, with or without > modification, are permitted provided that the following conditions > are met: > . > 1. Redistributions of source code must retain the above > [...] > Ready! > > 3) The package uses a *really* old version of debhelper (version 5!). > We're at version 11 already, so you should update both d/compat and > d/control (i.e., depend on debhelp >= 11) to reflect that. > Ready! > > 4) You haven't addressed my comment about building a Python 3 package. > IMO you should really do that; lintian will warn you if you don't. > Yes, I forgot do that! Sorry! > > 5) You haven't answered my question about why the package has "Suggests: > doc-base". It seems to be a relic from this very old debhelper; I think > you can safely remove it. > Yes, I remove it. Since I do not have much knowledge about doc-base and why it is there, I left it. But now is removed. Thanks for your help! Regards! -- Arias Emmanuel https://www.linkedin.com/in/emmanuel-arias-437a6a8a http://eamanu.com
Re: RFS: pcapy/0.11.3-1 [ITA]
On Friday, August 10 2018, eamanu wrote: > Hello Sergio, Hi Emmanuel, > I am really sorry for the delay. No need to apologize :-). > I finish the update of pcapy package. I push the commit, but is on > UNRELEASED status. > > Please, check if whole the things are ok, and then I will make change to > unstable status on d/changelog Well, I still see a few problems. Sorry about that. Here's the list of things I spotted: 1) On d/copyright, the license specified for the project is wrong. According to the LICENSE file, the project is released under a slightly modified version of the Apache license. This is something really important to get right, otherwise the ftp-masters will certainly reject the package. You listed the license as being "GPL-2", but the text is clearly not GPL-2. 2) Still on d/copyright: as said above, the GPL-2 license is wrong. However, I think it's also important to mention that the license text is formatted in a strange/wrong manner. You have text like this: [...] Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above [...] The correct format for d/copyright is to indent the text using 1 space, and to use . (dot) for blank lines. Like this: [...] Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . 1. Redistributions of source code must retain the above [...] 3) The package uses a *really* old version of debhelper (version 5!). We're at version 11 already, so you should update both d/compat and d/control (i.e., depend on debhelp >= 11) to reflect that. 4) You haven't addressed my comment about building a Python 3 package. IMO you should really do that; lintian will warn you if you don't. 5) You haven't answered my question about why the package has "Suggests: doc-base". It seems to be a relic from this very old debhelper; I think you can safely remove it. Thanks, -- Sergio GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36 Please send encrypted e-mail if possible http://sergiodj.net/ signature.asc Description: PGP signature
Re: RFS: pcapy/0.11.3-1 [ITA]
Hello Sergio, I am really sorry for the delay. I finish the update of pcapy package. I push the commit, but is on UNRELEASED status. Please, check if whole the things are ok, and then I will make change to unstable status on d/changelog Thanks! Regards! El lun., 2 de jul. de 2018 a la(s) 21:36, eamanu15 < emmanuelaria...@gmail.com> escribió: > Hello Sergio, > > Sorry for the delay in my response. > > In this week I will work on your reviews. When I fix the problems I will > push to salsa and will let it know you. > > Thanks! > Regards! > Emmanuel > > El sáb., 16 de jun. de 2018 a la(s) 16:38, Sergio Durigan Junior < > sergi...@debian.org> escribió: > >> Control: owner -1 ! >> Control: tags -1 + moreinfo >> >> On Thursday, June 07 2018, eamanu wrote: >> >> > Dear mentors, >> > >> > I am looking for a sponsor for my package "pcapy" >> > >> > * Package name: pcapy >> > Version : 0.11.3-1 >> > Upstream Author : Core Security >> > * URL : https://github.com/CoreSecurity/pcapy >> > * License : Apache Software License >> > Section : python >> > >> > It builds those binary packages: >> > >> > python-pcapy - Python interface to the libpcap packet capture library >> > >> > To access further information about this package, please visit the >> > following URL: >> > >> > https://mentors.debian.net/package/pcapy >> > >> > >> > Alternatively, one can download the package with dget using this >> command: >> > >> > dget -x >> > https://mentors.debian.net/debian/pool/main/p/pcapy/pcapy_0.11.3-1.dsc >> > >> > More information about hello can be obtained from >> https://www.example.com. >> > >> > Changes since the last upload: >> > >> > [ Jakub Wilk ] >> > * Use canonical URIs for Vcs-* fields. >> > >> > [ Ondřej Nový ] >> > * Fixed VCS URL (https) >> > * d/control: Set Vcs-* to salsa.debian.org >> > * d/changelog: Remove trailing whitespaces >> > * Remove debian/pycompat, it's not used by any modern Python helper >> > >> > [ Emmanuel Arias ] >> > * new upstream version >> > * update d/watch to download correctly the last upstream version >> > * update d/control to add Maintainer the DPMT >> > * update d/control to add me to Uploaders field (Closes: #895787) >> > * update debhelper on d/contorl from 5.0.37.2 to 11 >> > * update Standards-Version from 3.9.2 to 4.1.4 on d/control >> > * add Testsuite: autopkgtest-pkg-python on d/control >> > * update d/compat from 5 to 11 >> > * add to copyright file the debian files copyright >> >> Hi Emmanuel, >> >> Thanks for the package, and for your interest in adopting it! The first >> question I have is about the VCS. I tried finding your commits on the >> official Salsa repo, but wasn't able to. Are you using any other >> repository for that? It's much easier to review the changes when >> there's a repository, and I strongly suggest you use the official one >> for the packaging. >> >> As for the review, here's what I'd like you to address: >> >> 1) d/copyright should follow DEP-5. Take a look at: >> >> https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ >> >> and you'll be able to find instructions on the format of the file. It >> shouldn't be too hard for you to convert the existing file. >> >> 2) The package doesn't need CDBS anymore, so you can safely remove it >> from the Build-Depends line. >> >> 3) The "Homepage" field can have a better URL: >> >> https://www.coresecurity.com/corelabs-research/open-source-tools/pcapy >> >> 4) You should consider packaging a Python 3 package, as well as the >> Python 2 you're already packaging (in which case you could probably >> split the documentation part into its own package). If Python 3 is not >> supported, you should contact upstream and probably file a bug against >> it. >> >> 5) Any reason why the package has "Suggests: doc-base"? >> >> 6) It's a good habit to export the PYBUILD_NAME variable (on d/rules): >> >> export PYBUILD_NAME=pcapy >> >> This variable tells pybuild what's the name of your project. >> >> 7) It's a good idea to use (on d/rules): >> >> export DEB_BUILD_MAINT_OPTIONS = hardening=+all >> >> since your package is building a shlib. >> >> 8) The package is installing the LICENSE file by default, but this is >> not needed since we have the d/copyright file. Therefore, it'd be good >> if you could remove this file from the package. You can do that by >> e.g. overriding dh_auto_install and rm'ing the file there. >> >> >> I think that's basically everything I've spotted. Please let me know if >> you need any help. >> >> Cheers, >> >> -- >> Sergio >> GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36 >> Please send encrypted e-mail if possible >> http://sergiodj.net/ >> > -- > Arias Emmanuel > https://www.linkedin.com/in/emmanuel-arias-437a6a8a > http://eamanu.com > -- Arias Emmanuel https://www.linkedin.com/in/emmanuel-arias-437a6a8a http://eamanu.com
Re: RFS: pcapy/0.11.3-1 [ITA]
Control: owner -1 ! Control: tags -1 + moreinfo On Thursday, June 07 2018, eamanu wrote: > Dear mentors, > > I am looking for a sponsor for my package "pcapy" > > * Package name: pcapy > Version : 0.11.3-1 > Upstream Author : Core Security > * URL : https://github.com/CoreSecurity/pcapy > * License : Apache Software License > Section : python > > It builds those binary packages: > > python-pcapy - Python interface to the libpcap packet capture library > > To access further information about this package, please visit the > following URL: > > https://mentors.debian.net/package/pcapy > > > Alternatively, one can download the package with dget using this command: > > dget -x > https://mentors.debian.net/debian/pool/main/p/pcapy/pcapy_0.11.3-1.dsc > > More information about hello can be obtained from https://www.example.com. > > Changes since the last upload: > > [ Jakub Wilk ] > * Use canonical URIs for Vcs-* fields. > > [ Ondřej Nový ] > * Fixed VCS URL (https) > * d/control: Set Vcs-* to salsa.debian.org > * d/changelog: Remove trailing whitespaces > * Remove debian/pycompat, it's not used by any modern Python helper > > [ Emmanuel Arias ] > * new upstream version > * update d/watch to download correctly the last upstream version > * update d/control to add Maintainer the DPMT > * update d/control to add me to Uploaders field (Closes: #895787) > * update debhelper on d/contorl from 5.0.37.2 to 11 > * update Standards-Version from 3.9.2 to 4.1.4 on d/control > * add Testsuite: autopkgtest-pkg-python on d/control > * update d/compat from 5 to 11 > * add to copyright file the debian files copyright Hi Emmanuel, Thanks for the package, and for your interest in adopting it! The first question I have is about the VCS. I tried finding your commits on the official Salsa repo, but wasn't able to. Are you using any other repository for that? It's much easier to review the changes when there's a repository, and I strongly suggest you use the official one for the packaging. As for the review, here's what I'd like you to address: 1) d/copyright should follow DEP-5. Take a look at: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ and you'll be able to find instructions on the format of the file. It shouldn't be too hard for you to convert the existing file. 2) The package doesn't need CDBS anymore, so you can safely remove it from the Build-Depends line. 3) The "Homepage" field can have a better URL: https://www.coresecurity.com/corelabs-research/open-source-tools/pcapy 4) You should consider packaging a Python 3 package, as well as the Python 2 you're already packaging (in which case you could probably split the documentation part into its own package). If Python 3 is not supported, you should contact upstream and probably file a bug against it. 5) Any reason why the package has "Suggests: doc-base"? 6) It's a good habit to export the PYBUILD_NAME variable (on d/rules): export PYBUILD_NAME=pcapy This variable tells pybuild what's the name of your project. 7) It's a good idea to use (on d/rules): export DEB_BUILD_MAINT_OPTIONS = hardening=+all since your package is building a shlib. 8) The package is installing the LICENSE file by default, but this is not needed since we have the d/copyright file. Therefore, it'd be good if you could remove this file from the package. You can do that by e.g. overriding dh_auto_install and rm'ing the file there. I think that's basically everything I've spotted. Please let me know if you need any help. Cheers, -- Sergio GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36 Please send encrypted e-mail if possible http://sergiodj.net/ signature.asc Description: PGP signature
RFS: pcapy/0.11.3-1 [ITA]
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "pcapy" * Package name: pcapy Version : 0.11.3-1 Upstream Author : Core Security * URL : https://github.com/CoreSecurity/pcapy * License : Apache Software License Section : python It builds those binary packages: python-pcapy - Python interface to the libpcap packet capture library To access further information about this package, please visit the following URL: https://mentors.debian.net/package/pcapy Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/main/p/pcapy/pcapy_0.11.3-1.dsc More information about hello can be obtained from https://www.example.com. Changes since the last upload: [ Jakub Wilk ] * Use canonical URIs for Vcs-* fields. [ Ondřej Nový ] * Fixed VCS URL (https) * d/control: Set Vcs-* to salsa.debian.org * d/changelog: Remove trailing whitespaces * Remove debian/pycompat, it's not used by any modern Python helper [ Emmanuel Arias ] * new upstream version * update d/watch to download correctly the last upstream version * update d/control to add Maintainer the DPMT * update d/control to add me to Uploaders field (Closes: #895787) * update debhelper on d/contorl from 5.0.37.2 to 11 * update Standards-Version from 3.9.2 to 4.1.4 on d/control * add Testsuite: autopkgtest-pkg-python on d/control * update d/compat from 5 to 11 * add to copyright file the debian files copyright Regards, Emmanuel -- Arias Emmanuel https://www.linkedin.com/in/emmanuel-arias-437a6a8a http://eamanu.com -- Arias Emmanuel https://www.linkedin.com/in/emmanuel-arias-437a6a8a http://eamanu.com