Jeroen Ploemen <[email protected]> writes:

> On Wed, 27 May 2026 16:01:28 +0200
> Simon Josefsson <[email protected]> wrote:
>
>> Hi.
>> 
>> With uv included in Debian, I was able to resume packaging of
>> python-sigstore-models.  I lack experience with python packaging so
>> I would appreciate review of this package before NEW upload:
>> 
>> https://salsa.debian.org/python-team/packages/python-sigstore-models/
>> 
>> My biggest worry is the lack of upstream self-checks --
>> https://github.com/astral-sh/sigstore-models/issues/3 -- making it
>> hard to know if this package is working or not until there are
>> consumers of the package (with self-tests).  I hope to resume
>> packaging of python-sigstore eventually, covering that part:
>> https://bugs.debian.org/1084157
>
> The upstream repo on github does have tests, it's only the releases
> published on pypi that don't. You might want to switch the watch file
> to pull from github instead.
>
> Most issues in the current packaging are related to the lack of
> tests, esp. with the package set up as if they actually were present:
> * testsuite 'autopkgtest-pkg-pybuild' without build-time tests is the
>   equivalent of running /bin/true in an autopkgtest context. In that
>   case, you're better off with autopkgtest-pkg-python (that at least
>   actually does something, even if superficial).
> * build-dep on python3-pydantic is only used while pybuild looks for
>   unittests that aren't there, and could be ditched if you explicitly
>   disable tests via 'export PYBUILD_DISABLE=test' in d/rules.
> * you should probably build-depend on python3 rather than python3-all
>   if you're not running any tests on build.
>
> Obviously, all of the above only applies as long as no tests are run on
> build.
>
> The only other thing that stood out is the unused build-dep on
> python3-setuptools.

Yay, wonderful, thanks!  Fixed in git now, including pulling directly
from GitHub instead, so we now have self-tests.

I recall seeing self-checks dropped from the pypi tarballs before, so
maybe I should make a habit to pull directly from git for future python
packages.  IIRC the python team policy led me into the pypi approach.

/Simon
