On Wed, 27 May 2026 16:01:28 +0200 Simon Josefsson <[email protected]> wrote:
> Hi. > > With uv included in Debian, I was able to resume packaging of > python-sigstore-models. I lack experience with python packaging so > I would appreciate review of this package before NEW upload: > > https://salsa.debian.org/python-team/packages/python-sigstore-models/ > > My biggest worry is the lack of upstream self-checks -- > https://github.com/astral-sh/sigstore-models/issues/3 -- making it > hard to know if this package is working or not until there are > consumers of the package (with self-tests). I hope to resume > packaging of python-sigstore eventually, covering that part: > https://bugs.debian.org/1084157 The upstream repo on github does have tests, it's only the releases published on pypi that don't. You might want to switch the watch file to pull from github instead. Most issues in the current packaging are related to the lack of tests, esp. with the package set up as if they actually were present: * testsuite 'autopkgtest-pkg-pybuild' without build-time tests is the equivalent of running /bin/true in an autopkgtest context. In that case, you're better off with autopkgtest-pkg-python (that at least actually does something, even if superficial). * build-dep on python3-pydantic is only used while pybuild looks for unittests that aren't there, and could be ditched if you explicitly disable tests via 'export PYBUILD_DISABLE=test' in d/rules. * you should probably build-depend on python3 rather than python3-all if you're not running any tests on build. Obviously, all of the above only applies as long as no tests on run on build. The only other thing that stood out is the unused build-dep on python3-setuptools.
pgp0rFmEK1UOH.pgp
Description: OpenPGP digital signature
