Bug#780584: RFS: s3cmd/1.5.2-1 ITA
On Fri, Mar 27, 2015 at 6:12 PM, Gianfranco Costamagna wrote: > I completely agree, but what is the tradeoff between forcing upstream to > release > something that might be broken or untested and having two debian patches? Of course one can't force upstream to make a release and of course upstream should never make broken or untested releases. I was simply suggesting encouraging upstream to do their normal release procedure sooner rather than later. I assume that their release procedure would do the necessary things to ensure the release is both working and well tested. > If you can't sponsor I mentioned in my first email to the thread I wasn't intending to sponsor this package. I probably could have been more clear about that, sorry! -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#780584: RFS: s3cmd/1.5.2-1 ITA
Hi Paul, >Either way is fine, but I generally subscribe to the "release early,>release >often" principle. Releasing also benefits the rest of the Free >Software community, as Debian has promised to do. Of course it is >completely up to upstream as to when they do releases. I completely agree, but what is the tradeoff between forcing upstream to release something that might be broken or untested and having two debian patches? If you want my opinion please go with this upload, and then I'll take care of the new release (and possibly bother you again :p) I prefer two patches rather than a broken release, specially for such a complicate tool :) If you can't sponsor no problem, I'll ask Matt how confortable he is with releasing ;) thanks, G. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#780584: RFS: s3cmd/1.5.2-1 ITA
On Thu, 2015-03-26 at 08:00 +, Gianfranco Costamagna wrote: > Hi Paul, upstream fixed all the issues, so the next version will drop > all our patches. Excellent. > I hope we can avoid pushing upstream to release, right? Either way is fine, but I generally subscribe to the "release early, release often" principle. Releasing also benefits the rest of the Free Software community, as Debian has promised to do. Of course it is completely up to upstream as to when they do releases. https://www.debian.org/social_contract -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#780584: RFS: s3cmd/1.5.2-1 ITA
>Agreed, getting upstream to fix them and start using these tools is >the best option. Hi Paul, upstream fixed all the issues, so the next version will drop all our patches. I hope we can avoid pushing upstream to release, right? let me know, cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#780584: RFS: s3cmd/1.5.2-1 ITA
Hi Paul > I opened upstream issue 505 > https://github.com/s3tools/s3cmd/issues/505 >Could you also suggest removing the manual page from git and tarballs >so it is always built from source? I just noticed Matt here is also upstream, bad me I didn't check :) >Personally I'd suggest upstream upload tarballs for all the releases >to GitHub as well as SF. it is already this way, I uploaded a fix for the watch file right now >That should be enough for uscan, the issue appears to be that you are >matching against the GitHub-auto-generated tarballs and not the ones >that upstream has created and uploaded next to them. Here is a fixed >watch file: >version=3 >opts=pgpsigurlmangle=s/$/.asc/ \ >https://github.com/s3tools/s3cmd/releases \ >.*/s3cmd-(\d\S*)\.tar\.gz hehe, I uploaded almost exactly this patch prior to your mail, just a difference: .*/s3cmd\-?(\d\S*)\.tar\.gz instead of .*/s3cmd-(\d\S*)\.tar\.gz (reuploading right now on mentors) the problem was just an outdated uscan version :) >Hmm, I didn't get python-magic in the Depends when I built it. Both>with the >previous version and the one you just uploaded. The previous >version I built with debuild and the current one inside pbuilder. I >have python-magic installed in both. you are right the problem is the newer dh-python that stopped guessing b-d http://anonscm.debian.org/cgit/dh-python/dh-python.git/commit/?id=de7db9bd0021cee65e477f11cd69cfd93350bd2e well, I added an override for this, the problem seems to be in python-magic (I don't know hot to best report this though) >Please do use DEP-3 for patch headers and get patches upstreamed.> >http://dep.debian.net/deps/dep3/ > done >Agreed, getting upstream to fix them and start using these tools is>the best >option. cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#780584: RFS: s3cmd/1.5.2-1 ITA
On Wed, Mar 18, 2015 at 7:34 PM, Gianfranco Costamagna wrote: > I opened upstream issue 505 > https://github.com/s3tools/s3cmd/issues/505 Could you also suggest removing the manual page from git and tarballs so it is always built from source? > I see them here > https://github.com/s3tools/s3cmd/releases > is that enough? uscan seems to be missing some bits, because it doesn't pick > up > the key Personally I'd suggest upstream upload tarballs for all the releases to GitHub as well as SF. That should be enough for uscan, the issue appears to be that you are matching against the GitHub-auto-generated tarballs and not the ones that upstream has created and uploaded next to them. Here is a fixed watch file: version=3 opts=pgpsigurlmangle=s/$/.asc/ \ https://github.com/s3tools/s3cmd/releases \ .*/s3cmd-(\d\S*)\.tar\.gz > I checked the debian file and seems correct > Depends: python-dateutil, python:any (>= 2.7.5-5~), python:any (<< 2.8), > python, python-magic Hmm, I didn't get python-magic in the Depends when I built it. Both with the previous version and the one you just uploaded. The previous version I built with debuild and the current one inside pbuilder. I have python-magic installed in both. > mmm I don't have an amazon service "free" to test... seems difficult to > achieve > (we use a private key) Ok, I guess it would be hard. > it is a command line tool, are them really necessary? Not necessary, but useful for showing potential users what using it looks like >>lintian: > > I restored the patches, they disappeared. Please do use DEP-3 for patch headers and get patches upstreamed. http://dep.debian.net/deps/dep3/ > can I just report them upstream? > https://github.com/s3tools/s3cmd/issues/506 > > I can fix them, but rewriting downstream is really bad in my opinion, I would > like to help > upstream fixing them and then wait for the next release. Agreed, getting upstream to fix them and start using these tools is the best option. -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#780584: RFS: s3cmd/1.5.2-1 ITA
Hi Paul, >All good points Harlan. I also won't be sponsoring this. thanks to you too! (now we have the ack) >That tool doesn't appear to be run at build time to generate the>manual page, >which means that if downstream folks patch the command >they won't get an updated manual page. I'd strongly suggest that the >manual page be removed from the upstream git repos and tarballs and >that the manual page be created at package build time. The script used >to create the manual page would have to be added to the tarballs, >currently it is only available in git. I opened upstream issue 505 https://github.com/s3tools/s3cmd/issues/505 > That will require changing the watch file from github to sourceforge. >An alternative would be to ask upstream to upload all of their >tarballs and detached OpenPGP signatures to GitHub in addition to >SourceForge. I'd recommend that they do that anyway so people who >prefer GitHub can get them from there. I see them here https://github.com/s3tools/s3cmd/releases is that enough? uscan seems to be missing some bits, because it doesn't pick up the key >python-magic is dropped from the recommends and isn't in depends, was >that intended? I'd suggest using debdiff or debbindiff to compare >binary packages before future uploads. yes, seems picked up by install_requires install_requires = ["python-dateutil", "python-magic"] I checked the debian file and seems correct Depends: python-dateutil, python:any (>= 2.7.5-5~), python:any (<< 2.8), python, python-magic >debian/docs has an unnecessary blank line. fixed >Usually there are blank lines between the different contributors in >debian/changelog, did you use dch to prepare the changelog? yes, but sometimes I use vim too :) fixed >The homepage change isn't mentioned in debian/changelog. fixed >I'd suggest replacing /tmp/ with ~/ in the README.md examples and the >manual page. fixed and opened a pull request upstream >As this tool is for interacting with a remote network service, I'd >recommend implementing some post-install tests using the mechanisms >described in DEP-8. >http://dep.debian.net/deps/dep8/ mmm I don't have an amazon service "free" to test... seems difficult to achieve (we use a private key) >It would be good to get one or two screenshots illustrating how to use >this tool. >https://screenshots.debian.net/upload it is a command line tool, are them really necessary? >A build-time warning: >I: dh_python2 pydist:184: Cannot find package that provides >python_magic. Please add package that provides it to Build-Depends or >add "python_magic python-magic-fixme" line to debian/pydist-overrides >or add proper dependency to Depends by hand and ignore this info. I spotted it, but I don't know how to fix it, the python-magic seems correctly added by pydist. >lintian: I restored the patches, they disappeared. $ pep8 --ignore W191 . $ pyflakes . can I just report them upstream? https://github.com/s3tools/s3cmd/issues/506 I can fix them, but rewriting downstream is really bad in my opinion, I would like to help upstream fixing them and then wait for the next release. I opened upstream pull requests/issues 504-505-506-507 with all the fixes. (I'm currently uploading again on mentors) thanks Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#780584: RFS: s3cmd/1.5.2-1 ITA
Hi Harlan! (ccing Mikhail so he can ack/nack the GPL-2 to GPL-2+ change) >The most concerning issue to me is the change in d/copyright from GPL-2 >to GPL-2+ for the files under debian/. Matching them to upstream is >best practice, to be sure, but to do so needs the permission of the >authors of all the files underneath there - especially, it looks like, >Mikhail Gusarov. It's not clear to me whether Matt Domsch's permission >might also be needed; it certainly couldn't hurt, though. I didn't "hide" this from changelog, because I know this needs permission, and this is why I'm ccing him (sorry, I was sure I mentioned it in the ITA bug, bad me) Having it as GPL-2 makes it hard to forward patches to upstream (of course I can release *my* patches under GPL-2+, but seems better to relicense the debian packaging in my opinion) this is also why I didn't fix the nitpicks, as soon as I get confidence with the licensing I'll fix them directly upstream, they aren't on top of the issues in my opinion >The man page has a couple of errors as well - groff is picking up some >text and trying to apply it as a macro. There are also unescaped >"-"'s that need to be escaped so they are not mistaken as hyphens >instead of minuses. There's also a spelling error in the man file. All >of these are upstream problems - probably with the tool they are using >to create the manpage itself - but should be fixed if possible. >Other than that, the remaining tweaks are minor. You should install the >upstream changelog since it's provided. Upstream does provide GPG >signatures of the downloads, so you should verify them if possible - the >uscan(1) manpage has details about how to do so. That will require >changing the watch file from github to sourceforge. nope, the asc file is also there on github, but for some reasons uscan is picking it and failing for another reason. (it is my first time I add an upstream signing key, help is appreciated) >Thanks again for your work on s3cmd, and on Debian! If you have >questions, please reach out to me. thanks for the review Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#780584: RFS: s3cmd/1.5.2-1 ITA
Ack. On Wed, 18 Mar 2015, at 11:29, Gianfranco Costamagna wrote: > > > Hi Harlan! > > (ccing Mikhail so he can ack/nack the GPL-2 to GPL-2+ change) > > > > >The most concerning issue to me is the change in d/copyright from GPL-2 > >to GPL-2+ for the files under debian/. Matching them to upstream is > >best practice, to be sure, but to do so needs the permission of the > >authors of all the files underneath there - especially, it looks like, > >Mikhail Gusarov. It's not clear to me whether Matt Domsch's permission > >might also be needed; it certainly couldn't hurt, though. > > > I didn't "hide" this from changelog, because I know this needs > permission, > and this is why I'm ccing him (sorry, I was sure I mentioned it in the > ITA bug, bad me) > > Having it as GPL-2 makes it hard to forward patches to upstream (of > course I can > release *my* patches under GPL-2+, but seems better to relicense the > debian packaging in my > opinion) > > this is also why I didn't fix the nitpicks, as soon as I get confidence > with the licensing I'll > fix them directly upstream, they aren't on top of the issues in my > opinion > > >The man page has a couple of errors as well - groff is picking up some > >text and trying to apply it as a macro. There are also unescaped > >"-"'s that need to be escaped so they are not mistaken as hyphens > >instead of minuses. There's also a spelling error in the man file. All > >of these are upstream problems - probably with the tool they are using > >to create the manpage itself - but should be fixed if possible. > > >Other than that, the remaining tweaks are minor. You should install the > >upstream changelog since it's provided. Upstream does provide GPG > >signatures of the downloads, so you should verify them if possible - the > >uscan(1) manpage has details about how to do so. That will require > >changing the watch file from github to sourceforge. > > > nope, the asc file is also there on github, but for some reasons uscan is > picking > it and failing for another reason. > (it is my first time I add an upstream signing key, help is appreciated) > > >Thanks again for your work on s3cmd, and on Debian! If you have > >questions, please reach out to me. > > > thanks for the review > > Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#780584: RFS: s3cmd/1.5.2-1 ITA
On Wed, Mar 18, 2015 at 6:34 AM, Harlan Lieberman-Berg wrote: > Thank you for your work on the s3cmd package. I'm not able to sponsor > your package at this time, but I've done a review for you to help fix up > a couple of nitpicks while you wait. All good points Harlan. I also won't be sponsoring this. > the change in d/copyright from GPL-2 to GPL-2+ for the files under debian/. I think the debian/copyright issue should be a blocker for this upload. > probably with the tool they are using to create the manpage itself That tool doesn't appear to be run at build time to generate the manual page, which means that if downstream folks patch the command they won't get an updated manual page. I'd strongly suggest that the manual page be removed from the upstream git repos and tarballs and that the manual page be created at package build time. The script used to create the manual page would have to be added to the tarballs, currently it is only available in git. > That will require changing the watch file from github to sourceforge. An alternative would be to ask upstream to upload all of their tarballs and detached OpenPGP signatures to GitHub in addition to SourceForge. I'd recommend that they do that anyway so people who prefer GitHub can get them from there. A few more minor things: python-magic is dropped from the recommends and isn't in depends, was that intended? I'd suggest using debdiff or debbindiff to compare binary packages before future uploads. debian/docs has an unnecessary blank line. Usually there are blank lines between the different contributors in debian/changelog, did you use dch to prepare the changelog? The homepage change isn't mentioned in debian/changelog. I'd suggest replacing /tmp/ with ~/ in the README.md examples and the manual page. As this tool is for interacting with a remote network service, I'd recommend implementing some post-install tests using the mechanisms described in DEP-8. http://dep.debian.net/deps/dep8/ It would be good to get one or two screenshots illustrating how to use this tool. https://screenshots.debian.net/upload A build-time warning: I: dh_python2 pydist:184: Cannot find package that provides python_magic. Please add package that provides it to Build-Depends or add "python_magic python-magic-fixme" line to debian/pydist-overrides or add proper dependency to Depends by hand and ignore this info. lintian: P: s3cmd source: debian-watch-may-check-gpg-signature P: s3cmd: no-upstream-changelog X: s3cmd: duplicate-files usr/share/doc/packages/s3cmd/README.md.gz usr/share/doc/s3cmd/README.md.gz W: s3cmd: manpage-has-errors-from-man usr/share/man/man1/s3cmd.1.gz 365: warning: macro `Cache-Control'' not defined I: s3cmd: spelling-error-in-manpage usr/share/man/man1/s3cmd.1.gz overriden overridden I: s3cmd: hyphen-used-as-minus-sign usr/share/man/man1/s3cmd.1.gz:289 I: s3cmd: hyphen-used-as-minus-sign usr/share/man/man1/s3cmd.1.gz:296 I: s3cmd: hyphen-used-as-minus-sign usr/share/man/man1/s3cmd.1.gz:301 I: s3cmd: hyphen-used-as-minus-sign usr/share/man/man1/s3cmd.1.gz:304 I: s3cmd: hyphen-used-as-minus-sign usr/share/man/man1/s3cmd.1.gz:307 I: s3cmd: hyphen-used-as-minus-sign usr/share/man/man1/s3cmd.1.gz:311 $ pep8 --ignore W191 . $ pyflakes . -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#780584: RFS: s3cmd/1.5.2-1 ITA
Harlan, thanks for the review. I'm happy to have any of my trivial contributions under debian/ be GPL-2+. I removed a patch from debian/patches that fixed up manpage typos. The manpage is automatically generated. I'll look into updating the generator to escape the errors for a future release. Upstream changelog is extremely outdated since moving from svn to git several years ago. I wouldn't worry about including it. I dropped it from the RPM package. I changed the watch file from SF to github, but didn't think about the signature then being invalid. 1.5.0-rc package has the SF-pointing watch file. Would be trivial to switch it back to that copy. Thanks, Matt On Tue, Mar 17, 2015 at 5:34 PM, Harlan Lieberman-Berg wrote: > Hello Gianfranco! > > Thank you for your work on the s3cmd package. I'm not able to sponsor > your package at this time, but I've done a review for you to help fix up > a couple of nitpicks while you wait. > > The most concerning issue to me is the change in d/copyright from GPL-2 > to GPL-2+ for the files under debian/. Matching them to upstream is > best practice, to be sure, but to do so needs the permission of the > authors of all the files underneath there - especially, it looks like, > Mikhail Gusarov. It's not clear to me whether Matt Domsch's permission > might also be needed; it certainly couldn't hurt, though. > > The man page has a couple of errors as well - groff is picking up some > text and trying to apply it as a macro. There are also unescaped > "-"'s that need to be escaped so they are not mistaken as hyphens > instead of minuses. There's also a spelling error in the man file. All > of these are upstream problems - probably with the tool they are using > to create the manpage itself - but should be fixed if possible. > > Other than that, the remaining tweaks are minor. You should install the > upstream changelog since it's provided. Upstream does provide GPG > signatures of the downloads, so you should verify them if possible - the > uscan(1) manpage has details about how to do so. That will require > changing the watch file from github to sourceforge. > > Thanks again for your work on s3cmd, and on Debian! If you have > questions, please reach out to me. > > Sincerely, > > -- > Harlan Lieberman-Berg > ~hlieberman > > -- > To unsubscribe, send mail to 780584-unsubscr...@bugs.debian.org. > >
Bug#780584: RFS: s3cmd/1.5.2-1 ITA
Hello Gianfranco! Thank you for your work on the s3cmd package. I'm not able to sponsor your package at this time, but I've done a review for you to help fix up a couple of nitpicks while you wait. The most concerning issue to me is the change in d/copyright from GPL-2 to GPL-2+ for the files under debian/. Matching them to upstream is best practice, to be sure, but to do so needs the permission of the authors of all the files underneath there - especially, it looks like, Mikhail Gusarov. It's not clear to me whether Matt Domsch's permission might also be needed; it certainly couldn't hurt, though. The man page has a couple of errors as well - groff is picking up some text and trying to apply it as a macro. There are also unescaped "-"'s that need to be escaped so they are not mistaken as hyphens instead of minuses. There's also a spelling error in the man file. All of these are upstream problems - probably with the tool they are using to create the manpage itself - but should be fixed if possible. Other than that, the remaining tweaks are minor. You should install the upstream changelog since it's provided. Upstream does provide GPG signatures of the downloads, so you should verify them if possible - the uscan(1) manpage has details about how to do so. That will require changing the watch file from github to sourceforge. Thanks again for your work on s3cmd, and on Debian! If you have questions, please reach out to me. Sincerely, -- Harlan Lieberman-Berg ~hlieberman -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#780584: RFS: s3cmd/1.5.2-1 ITA
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "s3cmd" * Package name: s3cmd Version : 1.5.2-1 Upstream Author : 2007-2015 TGRMN Software - http://www.tgrmn.com - and contributors * URL : https://github.com/s3tools/s3cmd * License : GPL-2+ Section : utils It builds those binary packages: s3cmd - command-line Amazon S3 client To access further information about this package, please visit the following URL: http://mentors.debian.net/package/s3cmd Alternatively, one can download the package with dget using this command: dget -x http://mentors.debian.net/debian/pool/main/s/s3cmd/s3cmd_1.5.2-1.dsc More information about hello can be obtained from http://www.example.com. Changes since the last upload: * Adopt package (Closes: #674916) [ Matt Domsch ] * New upstream release. * Drop patches, accepted upstream. * change doc file location. * Update watch file. [ Gianfranco Costamagna ] * Change debian packaging to gpl-2+, to ease upstream patch forwarding. * Remove old scripts from rules file. * Add setuptools b-d, needed to build the package in a clean environment. * Update compat level to 9, no changes required. * Update std-version to 3.9.6, no changes required. * Use pybuild to simplify packaging style. * Remove s3cmd symlink. Regards, LocutusOfBorg -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org