Re: PyPI wheels (was Re: Python Policy)

2015-10-21 Thread Jeremy Stanley
nd you, aren't even actually required to be usable python packages, they could be just about anything) would be nice, I don't have any expectation that PyPI would ever eventually make it mandatory. -- Jeremy Stanley

Re: python-networkx_1.10-1_amd64.changes ACCEPTED into experimental

2015-10-05 Thread Jeremy Stanley
orary measure and can be removed if all the broken tests are either removed or corrected (the assumption being that distro package maintainers who have an interest in that branch may volunteer to backport those patches from master if this is important to them). -- Jeremy Stanley

Re: mock 1.2 breaking tests (was: python-networkx_1.10-1_amd64.changes ACCEPTED into experimental)

2015-10-06 Thread Jeremy Stanley
nches with dependencies which were contemporary to the corresponding releases rather than chasing ever changing behavior in them. Sometimes it is done for expediency due to lack of interested volunteer effort, and sometimes out of necessity because dependencies may simply conflict in unresolvable ways. -- Jeremy Stanley

Re: static analysis and other tools for checking Python code

2016-03-02 Thread Jeremy Stanley
rg/pypi/clonedigger I can probably think up more that I've used, but the above rise to the top of my list. -- Jeremy Stanley

Re: static analysis and other tools for checking Python code

2016-03-02 Thread Jeremy Stanley
On 2016-03-03 08:38:40 +0800 (+0800), Paul Wise wrote: [...] > FYI pep257 is definitely packaged: > > https://packages.debian.org/search?keywords=pep257 [...] Whoops! Thanks--I almost certainly fat-fingered my package search on that one. -- Jeremy Stanley

Re: Test suite in github but missing from pypi tarballs

2016-04-21 Thread Jeremy Stanley
ely" is interpreted in ways consistent with, say, tarballs for C-based projects. Consider `setup.py sdist` similar to `make dist` where the dist target of some projects may still run additional commands to generate metadata or other files not tracked in revision control prior to invoking tar/gzip. -- Jeremy Stanley

Re: pip for stretch

2016-11-21 Thread Jeremy Stanley
nning pip on unstable when developing, and I run it from a bootstrapped virtualenv anyway so don't actually use the Debian package of it other than to bootstrap my initial venv. -- Jeremy Stanley

Re: Binary naming for Django Related Packages

2016-12-03 Thread Jeremy Stanley
vel init when some modules were editable installs. Historical details of the decision are outlined at: https://specs.openstack.org/openstack/oslo-specs/specs/kilo/drop-namespace-packages.html#problem-description > -- Jeremy Stanley

Re: PyPI source or github source?

2017-03-13 Thread Jeremy Stanley
rs would rather not check into their revision control systems. So sdists, while a tarball under the hood (and by filename extension), are still really an installable packaging format more than they are a source distribution format. -- Jeremy Stanley

Re: GnuPG signatures on PyPI: why so few?

2017-03-12 Thread Jeremy Stanley
er what's employed for Debian's archive keys. -- Jeremy Stanley signature.asc Description: Digital signature

Re: a few quick questions on gbp pq workflow

2017-08-06 Thread Jeremy Stanley
om the source package to upstream release announcements/checksums/signatures is a pretty large benefit you're robbing from downstream recipients who might wish to take advantage it. -- Jeremy Stanley signature.asc Description: Digital signature

Re: a few quick questions on gbp pq workflow

2017-08-06 Thread Jeremy Stanley
sitories (and generating intermediate sdists on the fly or supplying version data directly from the environment via debian/rules)? I'm eager to see what upstream release management features you're taking advantage of so we can better know which of those efforts are valuable to distro package maintai

Re: a few quick questions on gbp pq workflow

2017-08-06 Thread Jeremy Stanley
to including them in the archive as fairly serious bug in its software. -- Jeremy Stanley signature.asc Description: Digital signature

Re: Ad-hoc Debian Python BoF at PyCon US 2017

2017-06-20 Thread Jeremy Stanley
ore the community feels its Py3K support efforts are truly complete. -- Jeremy Stanley signature.asc Description: Digital signature

Re: Backport of Python 3.6 for Debian Stretch?

2018-04-24 Thread Jeremy Stanley
re not willing. https://backports.debian.org/Contribute/ -- Jeremy Stanley signature.asc Description: PGP signature

Re: Backport of Python 3.6 for Debian Stretch?

2018-04-25 Thread Jeremy Stanley
https://manpages.debian.org/debdiff http://snapshot.debian.org/package/python3.6/ [also, please don't Cc me, I do already read the mailing list] -- Jeremy Stanley signature.asc Description: PGP signature

Re: Backport of Python 3.6 for Debian Stretch?

2018-04-24 Thread Jeremy Stanley
thing, there's no substantial difference between building a package of Python3.6 and copying it to the system, or performing a `make altinstall` and copying the resulting files (via rsync, tar and scp, whatever) to the target system. If you're okay with the idea of building packages remotely, th

Re: python-urllib3 1.25.6 uploaded to experimental (closes CVE-2019-11236) but fails build tests

2019-10-29 Thread Jeremy Stanley
sufficiently to cause protocol negotiation to fall back to an old enough version that the attacker can then exploit known flaws to decrypt and/or proxy ("man in the middle") that communication. Having both the client and the server be unwilling to use susceptible older protocol

Re: Where can I find packages that need a maintainer?

2020-02-13 Thread Jeremy Stanley
and relying on, rather than wading through a large list of packages which are mostly orphaned because nobody's using them anyway. -- Jeremy Stanley signature.asc Description: PGP signature

Re: Automatically removing "badges" pictures from README.rst files

2020-04-09 Thread Jeremy Stanley
ix more than 80 common lintian issues in Debian packages. It comes with a wrapper script that invokes the scripts, updates the changelog (if desired) and commits each change to version control. (from https://packages.debian.org/lintian-brush ) -- Jeremy Stanley signature.asc D

Re: Build Python 2.7 version >= 2.7.15 on Debian 9

2020-04-03 Thread Jeremy Stanley
solution like conda or virtualenv. -- Jeremy Stanley signature.asc Description: PGP signature

Re: Example package using python3-pbr and Sphinx documentation with manual page

2020-05-04 Thread Jeremy Stanley
lsa.debian.org/openstack-team/clients/python-openstackclient/-/blob/88bdecc66a30b4e3d5aec9cdae4cc529c33690e6/debian/rules#L27 > Then there's a similar dh_installman override a few lines later. -- Jeremy Stanley signature.asc Description: PGP signature

Re: Example package using python3-pbr and Sphinx documentation with manual page

2020-05-04 Thread Jeremy Stanley
On 2020-05-04 19:07:00 + (+), Jeremy Stanley wrote: > On 2020-05-04 19:13:38 +0200 (+0200), Florian Weimer wrote: > > I'm trying to package pwclient, which depends on python3-pbr and has a > > rudimentary manual page generated from Sphinx documentation. Is there > &

Re: Maintaining all of the testing-cabal packages under the OpenStack team

2020-06-30 Thread Jeremy Stanley
sts are also normally to a build result detail page provided by the dashboard, thought you should be able to configure it to link directly to the job logs instead. -- Jeremy Stanley signature.asc Description: PGP signature

Re: The python command in Debian

2020-07-09 Thread Jeremy Stanley
mming language, similar to Python and developed by the same community, but not directly compatible with Python. Debian provides an interpreter for Python3, but has (or will have by then) ceased distributing a Python interpreter. -- Jeremy Stanley signature.asc Description: PGP signature

Re: Maintaining all of the testing-cabal packages under the OpenStack team

2020-06-29 Thread Jeremy Stanley
t various times in https://bugs.debian.org/705844 but more recently there are some JavaScript deps for its Web dashboard which could get gnarly to unwind in a Debian context). -- Jeremy Stanley signature.asc Description: PGP signature

Re: Maintaining all of the testing-cabal packages under the OpenStack team

2020-06-28 Thread Jeremy Stanley
folk were heavily involved in OpenStack and influential in shaping its quality assurance efforts; so OpenStack relies much more heavily on these libraries than other ecosystems of similar size, and OpenStack community members, present and past, continue to collaborate upstream on their development. -- Jer

Re: [Python-modules-team] Bug#954381: marked as done (python3-kubernetes: New upstream version available)

2020-11-21 Thread Jeremy Stanley
e a solution here, so that uscan uses a repack script directly > without attempting to download first? Maybe I'm missing something obvious, but can't you just use mode=git (see uscan manpage for details on this feature). I assumed this is what was being suggested. -- Jeremy Stanley signature.asc Description: PGP signature

Re: How to watch pypi.org

2020-10-31 Thread Jeremy Stanley
On 2020-10-31 12:03:50 +0100 (+0100), Thomas Goirand wrote: [...] > On 10/31/20 3:07 AM, Jeremy Stanley wrote: > > I have to agree, though in the upstream projects with which I'm > > involved, those generated files are basically a lossy re-encoding of > > metadata from

Re: How to watch pypi.org

2020-10-31 Thread Jeremy Stanley
a problem for downstream packaging likely varies a bit from project to project. -- Jeremy Stanley signature.asc Description: PGP signature

Re: How to watch pypi.org

2020-11-01 Thread Jeremy Stanley
rtain version, collapsing pre-release notes, and so on. A quick test of Nova's release notes indicates that even if you don't truncate them though and include everything back to when the project started using reno 5 years ago, that NEWS file would only increase the compressed size of the nova-doc pac

Re: How to watch pypi.org

2020-10-30 Thread Jeremy Stanley
is information may be referenced from copyright licenses, so it's important in those cases for package maintainers to generate it when making their source packages if not using the sdist tarballs published by the project. -- Jeremy Stanley signature.asc Description: PGP signature

Re: Re: Challenges packaging Python for a Linux distro - at Python Language Summit

2021-05-17 Thread Jeremy Stanley
development because it is patched and tuned specifically for running system applications packaged for their distro and not intended as a general-purpose Python distribution. -- Jeremy Stanley signature.asc Description: PGP signature

Re: [RFC] DPT Policy: Canonise recommendation against PyPi-provided upstream source tarballs

2021-06-25 Thread Jeremy Stanley
elated examples elsewhere in the ecosystem. -- Jeremy Stanley signature.asc Description: PGP signature

Re: [RFC] DPT Policy: Canonise recommendation against PyPi-provided upstream source tarballs

2021-06-25 Thread Jeremy Stanley
files in Debian, but when those files can't be generated without the presence of the Git repository itself which *isn't* files in Debian, using the generated copies supplied (and signed!) by upstream seems no different than many other sorts of data which get shipped in Debian source packages. -- Jeremy Stanley signature.asc Description: PGP signature

Re: [RFC] DPT Policy: Canonise recommendation against PyPi-provided upstream source tarballs

2021-06-25 Thread Jeremy Stanley
a copy of the file contents from source control while missing other relevant context Git would normally provide. -- Jeremy Stanley signature.asc Description: PGP signature

Re: [RFC] DPT Policy: Canonise recommendation against PyPi-provided upstream source tarballs

2021-06-25 Thread Jeremy Stanley
On 2021-06-26 02:04:40 + (+), Paul Wise wrote: > On Fri, Jun 25, 2021 at 11:42 PM Jeremy Stanley wrote: [..] > > 2. Cryptographically signed tarballs of the file tree corresponding > >to a tag in the Git repository, with versioning, revision > >history, release

Re: [RFC] DPT Policy: Canonise recommendation against PyPi-provided upstream source tarballs

2021-06-28 Thread Jeremy Stanley
has reduced the pressure on upstreams with massive suites of tests or volumes of documentation to strip them out of sdists, making it more likely they'll ship full source distributions that way. -- Jeremy Stanley signature.asc Description: PGP signature

Re: [RFC] DPT Policy: Canonise recommendation against PyPi-provided upstream source tarballs

2021-06-26 Thread Jeremy Stanley
me battery of upstream tests makes sense, but testsuites which require root access outside a chroot, integration tests orchestrated across multiple machines, access to unusual sorts of accelerator or network hardware, and so on can easily comprise part of "the upstream testsuite." --

Re: Need a Python 3.8 virtual environment

2021-03-03 Thread Jeremy Stanley
buntu/ppa -- Jeremy Stanley signature.asc Description: PGP signature

Re: python3.5 + oldstable dilemma

2021-03-01 Thread Jeremy Stanley
python3 packaged in oldstable, then can't you use the libraries (e.g. python3-yaml) packaged in oldstable as well and take advantage of whatever security fixes are backported by the package maintainers/security team? -- Jeremy Stanley signature.asc Description: PGP signature

Re: upstream python concerns, python3-full package for bullseye

2021-02-12 Thread Jeremy Stanley
et "software developer tools" when they do so. But who else is specifically choosing to install a Python interpreter if not people writing and running non-packaged Python source? -- Jeremy Stanley signature.asc Description: PGP signature

Re: upstream python concerns, python3-full package for bullseye

2021-02-16 Thread Jeremy Stanley
newer pip is needed to be able to deal with that too (at least if you don't want to have to preinstall an entire build toolchain so you can install sdists instead). -- Jeremy Stanley signature.asc Description: PGP signature

Re: RFS: python-click-default-group: Extension for Python click adding default subcommand to group

2021-09-29 Thread Jeremy Stanley
intent for a "source distribution" package), since most users installing directly from PyPI are going to pull a wheel instead of an sdist when available, and wheels are expected to be much more pared down anyway. Like many things in the packaging realm, there is no one-size-fits-al

Re: Bug#997758: nose: FTBFS: There is a syntax error in your configuration file: invalid syntax (conf.py, line 220)

2021-10-24 Thread Jeremy Stanley
ude https://packages.debian.org/python3-testrepository or https://packages.debian.org/python3-stestr (both are subunit-emitting test runners), which pretty much all of the OpenStack projects moved to years ago as replacements for nose. -- Jeremy Stanley signature.asc Description: PGP signature

Re: mass bug filling for nose removal (was: Bug#997758: nose: FTBFS: There is a syntax error in your configuration file: invalid syntax (conf.py, line 220))

2021-11-11 Thread Jeremy Stanley
d to do a MBF," so I assumed that's been the plan all along? Or are you asking why it hasn't been started now that it's been a few weeks? -- Jeremy Stanley signature.asc Description: PGP signature

Re: pyyaml 6

2022-10-07 Thread Jeremy Stanley
stream if folks think that would be a helpful data point, but it's not entirely trivial since I'll have to do some extra work to override the requirement constraints (otherwise I would have just done it before replying). -- Jeremy Stanley signature.asc Description: PGP signature

Re: pyyaml 6

2022-10-09 Thread Jeremy Stanley
t from the repository. > refstack-client # confirm, in refstack_client Fixed in 0.1.0 from February (unstable carries an unreleased snapshot from last year). -- Jeremy Stanley signature.asc Description: PGP signature