Re: Separate GPG subkey for package signing

[Pierre-Elliott Bécue]

Dániel Fancsali  wrote on 24/06/2022 at 18:40:03+0200:

> Good afternoon,
>
> I am not sure, this is the right forum and the right question at all,
> but I'll assume it is, and take my chances - if it turns out to be a
> wrong assumption, I do apologise in advance. ;)
>
> I bumped into a piece of software I needed on my server(s) and I
> figured I'd rather package it up instead of compiling it in place to
> avoid having a complier installed. Coincidentally it's been on the
> ITP/RFP list for ages, so I figured if I jump through all the hoops
> and learn how to create .deb packages, I might as well be a nice
> person and get it all the way into Debian.
>
> The package builds fine locally using pbuilder for several
> architectures. I do believe all the other niceties are included (man
> page, etc.). I am at the stage where it says: "sign and upload the
> package to mentors.debian.org".
>
> I thought, I'll create a separate subkey for signing the package (and
> keep my master key off-line, and the others keys separate from this
> debian-signing-subkey). Would that be considered good practice? Or is
> there something I can't see here?

It'd be perfectly fine to do so. Just make sure this new subkey gets
known to mentors.d.o.

The procedure to export one subkey is tedious, if you need help, just
poke.

-- 
PEB


signature.asc
Description: PGP signature

Re: Salsa repository request

[Pierre-Elliott Bécue]

Thomas Perret  wrote on 27/12/2021 at 15:39:31+0100:

> Le 26/12/2021 à 22:21, Pierre-Elliott Bécue a écrit :
>> 
>> Done.
>> Happy hacking!
>> 
>
> Hi,
>
> Thanks a lot but it looks like I can't push to the repository (or more
> precisely, create a branch). When I push to the repository, I get:

I'm sorry, I certainly was tired when I added you as a member of the project.

It's fixed.

-- 
PEB


signature.asc
Description: PGP signature

Re: Salsa repository request

[Pierre-Elliott Bécue]

Thomas Perret  wrote on 26/12/2021 at 15:28:15+0100:

> [[PGP Signed Part:No public key for 69299C8ED390E51C created at 
> 2021-12-26T15:28:16+0100 using RSA]]
> Dear mentors,
>
> Could someone create a "pass-audit"[0] project on Salsa under the
> debian global namespace and grant me (username: moht) write access?
>
> From the official website[1]:
> pass audit is a password-store[2] extension for auditing your password
> repository. Passwords will be checked against the Python
> implementation of Dropbox' zxcvbn algorithm and Troy Hunt's Have I
> Been Pwned Service. It supports safe breached password detection from
> haveibeenpwned.com using a K-anonymity method. Using this method, you
> do not need to (fully) trust the server that stores the breached
> password.
>
> Thanks
>
> Best,
> Thomas
>
>
> [0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002618
> [1]: https://github.com/roddhjav/pass-audit
> [2]: https://tracker.debian.org/pkg/password-store

Done.

Happy hacking!

-- 
PEB


signature.asc
Description: PGP signature

Re: Sponsored Maintainer

[Pierre-Elliott Bécue]

Le lundi 18 janvier 2021 à 15:27:14+0100, Patrick Vavrina a écrit :
> Here is my demand for the registration for Debian Maintainer :
> 
> https://nm.debian.org/process/858/
> 
> Which actions do I have to complete for this procedure?
> 
> Best regards,

Hi Patrick,

I would suggest that you give https://wiki.debian.org/DebianMaintainer a
read. It should answer most of your questions.

Please don't hesitate to come back to me if you have specific questions
I could help you with!

Cheers!

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#960572: RFS: vim-ale/2.6.0-1 [ITP] (Asynchronous Lint Engine for Vim 8 and NeoVim), vim-vader/0.3.0+git20200213.6fff477-1 [ITP] (simple vimscript test framework)

[Pierre-Elliott Bécue]

Control: owner -1 james...@debian.org

Le lundi 25 mai 2020 à 14:44:20+0200, Pierre-Elliott Bécue a écrit :
> Dear Nicholas,
> 
> Thanks for your work, I'll review it!
> 
> A few preliminary remarks:
> 
> on salsa's repo for vim-ale, you've created a debian/master branch that
> is merely the same as upstream/latest for now, and a mymedia/master one
> which seems to contain the debian packaging files.
> 
> I'd suggest you either remove mymedia/master in favour of debian/master
> (it'd seem more relevant to upload the package from the content of
> debian/master), or at least make the mymedia/master branch being the
> default branch of the repository on salsa, and discard the debian/master
> branch that seems to be useless.
> 
> The same goes for vim-vader.
> 
> My preference would be to rename mymedia/master to debian/master.
> 
> I'll handle both packages, but, next time, please open one RFS per
> source package. The fact that both are closely related doesn't really
> change a thing to that, and one bug for multiple packages makes it
> harder to follow what has already been done and what is to be done.

Hi,

Since James decided to upload these packages right away, I'll leave that
to him.

Anyway, you should get your branches sorted out.

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#960572: RFS: vim-ale/2.6.0-1 [ITP] (Asynchronous Lint Engine for Vim 8 and NeoVim), vim-vader/0.3.0+git20200213.6fff477-1 [ITP] (simple vimscript test framework)

[Pierre-Elliott Bécue]

Dear Nicholas,

Thanks for your work, I'll review it!

A few preliminary remarks:

on salsa's repo for vim-ale, you've created a debian/master branch that
is merely the same as upstream/latest for now, and a mymedia/master one
which seems to contain the debian packaging files.

I'd suggest you either remove mymedia/master in favour of debian/master
(it'd seem more relevant to upload the package from the content of
debian/master), or at least make the mymedia/master branch being the
default branch of the repository on salsa, and discard the debian/master
branch that seems to be useless.

The same goes for vim-vader.

My preference would be to rename mymedia/master to debian/master.

I'll handle both packages, but, next time, please open one RFS per
source package. The fact that both are closely related doesn't really
change a thing to that, and one bug for multiple packages makes it
harder to follow what has already been done and what is to be done.

Cheers.

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#919433: RFS: ca-certificates/20190110 [RC;Security]

[Pierre-Elliott Bécue]

Le mardi 22 janvier 2019 à 13:09:21+0100, Axel Beckert a écrit :
> Hi Michael,
> 
> Michael Shuler wrote:
> >   * debian/ca-certificates.postinst:
> > Fix permissions on /usr/local/share/ca-certificates when using symlinks.
> > Closes: #916833
> >   * sbin/update-ca-certificates:
> > Remove orphan symlinks found in /etc/ssl/certs to prevent `openssl
> > rehash` from exiting with an error. Closes: #895482, #895473
> > This will also fix removal of user CA certificates from /usr/local 
> > without
> > needing to run --fresh. Closes: #911303
> 
> This sounds very promising, thanks!
> 
> Will test it on the two of my affected machines probably this evening
> and sponsor it if there aren't any blockers (which I don't expect :-).
> 
> (If any other DD is quicker, feel free to sponsor the package, if I
> haven't done it by then. :-)

Hi Axel,

Did you find the time to review these changes?

If you're busy, I'll take care of the upload, but I have no instance
where to test the current changes.

Best regards,

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#918958: RFS: monitorix/3.10.1-1 [ITP]

[Pierre-Elliott Bécue]

Control: owner -1 Pierre-Elliott Bécue 

Hi Baptiste,

Le 11/01/2019 à 00:13, Baptiste BEAUPLAT a écrit :
> Package: sponsorship-requests
> Severity: normal
> 
>   Dear mentors,
> 
>   I am looking for a sponsor for my package "monitorix"
> 
>  * Package name: monitorix
>Version : 3.10.1-1
>Upstream Author : Jordi Sanfeliu
>  * URL : https://www.monitorix.org
>  * License : GPL-2
>Section : utils
> 
>   It builds those binary packages:
> 
> monitorix  - lightweight system monitoring tool
> 
>   To access further information about this package, please visit the
> following URL:
> 
>   https://mentors.debian.net/package/monitorix
> 
>   The repository for packaging is hosted on salsa:
> 
>   https://salsa.debian.org/debian/monitorix
> 
>   Alternatively, one can download the package with dget using this command:
> 
> dget -x
> https://mentors.debian.net/debian/pool/main/m/monitorix/monitorix_3.10.1-1.dsc
> 
>   More information about monitorix can be obtained from
> https://www.monitorix.org.
> 
>   Changes since the last upload:
> 
>   * New package
> 
>   Regards,

I'll take care of that this evening.

Cheers,

-- 
PEB

Bug#917875: RFS: fathom/1.0-1 [ITP]

[Pierre-Elliott Bécue]

Le mardi 01 janvier 2019 à 20:03:00+0100, Pierre-Elliott Bécue a écrit :
> Le mardi 01 janvier 2019 à 19:55:18+0100, Jose G. López a écrit :
> > All changes are pushed to https://salsa.debian.org/josgalo-guest/fathom
> 
> Thanks!
> 
> > Do I need to re-upload the package to mentors?
> 
> Nope. :)

Uploaded.

Please, tag the release on your repo.

Also, for next time, as a nitpicking comment, think about updating the
d/changelog release date when you change files in debian/ directory.

Cheers!

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#917875: RFS: fathom/1.0-1 [ITP]

[Pierre-Elliott Bécue]

Le mardi 01 janvier 2019 à 19:55:18+0100, Jose G. López a écrit :
> All changes are pushed to https://salsa.debian.org/josgalo-guest/fathom

Thanks!

> Do I need to re-upload the package to mentors?

Nope. :)

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#917875: RFS: fathom/1.0-1 [ITP]

[Pierre-Elliott Bécue]

Le lundi 31 décembre 2018 à 10:46:20+0100, Jose G. López a écrit :
> On Mon, 31 Dec 2018 10:35:55 +0100
> "Jose G. López"  wrote:
> 
> > P.D: It's a requirement for ethereal-chess (ITP #914595) and surely for 
> > other
> > chess engines that are embedding this probe tool.
> > 
> 
> Sorry ITP actually is 914598.

Hi,

I suggest you rename your branch "master" to "upstream".

Regardless:

 * d/patches: why changing the .c file instead of adding -I to gcc calls?

Otherwise, LGTM, I'll upload as soon as you answer. :)

Thanks,

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Re: Bug#913261: RFS: chkboot/1.2-1 [ITP]

[Pierre-Elliott Bécue]

Control: owner -1 p...@debian.org

Le mercredi 21 novembre 2018 à 16:37:53-0200, Herbert Fortes a écrit :
> On 21/11/2018 13:31, Baptiste BEAUPLAT wrote:
> > Hello Herbert,
> > 
> > I hope you are well.
> > 
> > I was wondering if you had time to take a second look at this package?
> > 
> 
> No.
> 
> I had to improve the Debian CI tests for some
> of the packages I take care.
> 
> Anyone can take of that package if necessary.
> I can not do it right now.

I'll take it from here.

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#912427: RFS: urlwatch/2.15-1

[Pierre-Elliott Bécue]

Le mercredi 31 octobre 2018 à 13:36:05+0100, Maxime Werlen a écrit :
> Package: sponsorship-requests
> Severity: normal
> 
> Dear mentors,
> 
> I am looking for a sponsor for my package "urlwatch"
> 
>  * Package name: urlwatch
>Version : 2.15-1
>Upstream Author : Thomas Perl
>  * URL : https://thp.io/2008/urlwatch/
>  * License : BSD-3-clause
>Section : web
> 
> It builds those binary packages:
>   urlwatch   - tool for monitoring webpages for updates
> 
> To access further information about this package, please visit the
> following URL:
>   https://mentors.debian.net/package/urlwatch
> 
> Alternatively, one can download the package with dget using this command:
>   dget -x 
> https://mentors.debian.net/debian/pool/main/u/urlwatch/urlwatch_2.15-1.dsc
> 
> More information about urlwatch can be obtained from
> https://github.com/thp/urlwatch.
> 
> Changes since the last upload:
> 
> urlwatch (2.15-1) unstable; urgency=medium
> 
>   * New upstream release

Hi Maxime,

I'll take care of this.

First, your salsa repo doesn't have neither an upstream branch nor a
pristine-tar one. When packaging python packages it's a good practise to
follow the python packaging teams guidelines[1], even if you don't intend to
have the team comaintain the package.

It's not an issue for sponsorship but I think it could be worth considering
re-making the repository following these guidelines. It enables to have a
clear history of the different upstream releases, a history of the tarballs
you used for extracting these releases plus your master branch. If you need
some help I'm eager to provide input. :)

Can you upgrade the d/watch version, please?

[1] https://wiki.debian.org/Python/GitPackaging

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#910538: RFS: vitetris/0.57.2-1 [ITP]

[Pierre-Elliott Bécue]

Le lundi 08 octobre 2018 à 19:10:55+0200, Baptiste BEAUPLAT a écrit :
> Hello Pierre-Elliott,
> 
> Taking into account your suggestions, I re-uploaded the vitetris package
> with the following fixes:
> 
> * Rework package description
> * Remove extra licence file from package
> 
> Url:
> 
> Package on mentors: https://mentors.debian.net/package/vitetris
> Pool on
> mentors:https://mentors.debian.net/debian/pool/main/v/vitetris/vitetris_0.57.2-1.dsc
> Git: https://salsa.debian.org/lyknode-guest/vitetris
> 
> Best regards,

Hi,

Uploaded. Thanks for your contribution.

Cheers!

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#910538: RFS: vitetris/0.57.2-1 [ITP]

[Pierre-Elliott Bécue]

Le lundi 08 octobre 2018 à 01:08:00+0200, Baptiste BEAUPLAT a écrit :
> Hello Pierre-Elliott,
> 
> > Dear Baptiste,
> >
> > I get a weird error when I try to download your GPG key to check the package
> > you made.
> >
> > `---> gpg --search-keys 2DE24895313C5DA7F089E14E17494B10795DD733
> > gpg: data source: https://[2a02:c205:3001:3626::1]:443
> > (1) lyknode 
> > Baptiste BEAUPLAT 
> >   256 bit EDDSA key 1EDBAA3C6926AF92, créé : 2017-08-05, expire : 
> > 2019-08-05
> > Keys 1-1 of 1 for "2DE24895313C5DA7F089E14E17494B10795DD733".  Entrez le ou 
> > les nombres, (S)uivant, ou (Q)uitter > 1
> > gpg: key 1EDBAA3C6926AF92: no user ID for key signature packet of class 13
> > gpg:   Quantité totale traitée : 1
> >
> > Is your GPG key actually properly uploaded?
> 
> The key is fine but gpg 2.1.18 seems to have difficulties with some ECC
> keys. There is a fix for testing and stable-bpo.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906545
> 
> I've tried with a more recent version and it works.
> >  - The install part of the makefile seem to install
> >usr/share/doc/vitetris/licence.txt, which should not happen. You can 
> > either
> >alter debian/rules to remove this file or ignore this suggestion.
> Got a info warning from lintian for that as well. I'll remove the file
> and re-upload the package.
> 
> Thanks a lot for your comments.

Ack, I'll review & upload tomorrow if I find nothing more.

Cheers!

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#910538: RFS: vitetris/0.57.2-1 [ITP]

[Pierre-Elliott Bécue]

Le dimanche 07 octobre 2018 à 22:10:42+0200, Baptiste BEAUPLAT a écrit :
> Package: sponsorship-requests
> Severity: normal
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Dear mentors,
> 
> I am looking for a sponsor for my package "vitetris"
> 
>  Package name: vitetris
>  Version : 0.57.2-1
>  Upstream Author : Victor Geraldsson
>  URL : http://www.victornils.net/tetris/
>  License : BSD-2-Clause
>  Section : games
> 
> It builds those binary packages:
> 
>   vitetris   - Virtual terminal *tris clone
> 
> To access further information about this package, please visit the following 
> URL:
> 
> https://mentors.debian.net/package/vitetris
> 
> 
> Alternatively, one can download the package with dget using this command:
> 
>   dget -x 
> https://mentors.debian.net/debian/pool/main/v/vitetris/vitetris_0.57.2-1.dsc
> 
> More information about vitetris can be obtained from 
> http://www.victornils.net/tetris/.
> Changes since the last upload:
> 
>   * Initial release (Closes: #909968)
> 
> Best Regards,

Dear Baptiste,

I get a weird error when I try to download your GPG key to check the package
you made.

`---> gpg --search-keys 2DE24895313C5DA7F089E14E17494B10795DD733
gpg: data source: https://[2a02:c205:3001:3626::1]:443
(1) lyknode 
Baptiste BEAUPLAT 
  256 bit EDDSA key 1EDBAA3C6926AF92, créé : 2017-08-05, expire : 
2019-08-05
Keys 1-1 of 1 for "2DE24895313C5DA7F089E14E17494B10795DD733".  Entrez le ou les 
nombres, (S)uivant, ou (Q)uitter > 1
gpg: key 1EDBAA3C6926AF92: no user ID for key signature packet of class 13
gpg:   Quantité totale traitée : 1

Is your GPG key actually properly uploaded?

You should mention your salsa repo when you ask for sponsorship. I found this:
https://salsa.debian.org/lyknode-guest/vitetris

Your package seems in a good shape. Some remarks and suggestions:

 - d/control: The description should start with something more general than the
   way the features of the game should look.
 - The install part of the makefile seem to install
   usr/share/doc/vitetris/licence.txt, which should not happen. You can either
   alter debian/rules to remove this file or ignore this suggestion.

Cheers!

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#910053: RFS: btrfsmaintenance/0.4.2-1

[Pierre-Elliott Bécue]

Le lundi 01 octobre 2018 à 22:33:13-0400, Nicholas D Steeves a écrit :
> […]

Hi Nicholas,

Sven did upload your package, but the salsa repository is not up-to-date.
Please mind pushing the missing commits.

It could be nice that you upload them (in a tentative branch if you're not
sure) before RFS-ing. :)

Cheers!

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#848416: closing RFS: pyvtk/0.5.18-1 [ITA]

[Pierre-Elliott Bécue]

Le samedi 26 août 2017 à 13:01:57+0200, Gianfranco Costamagna a écrit :
> On Fri, 19 May 2017 11:05:32 + (UTC) Gianfranco Costamagna 
>  wrote:
> > Hi,
> > 
> > 
> > >* Package the thing with this actual bug, but as far as I'm concerned I
> > >   consider it as grave, so I'm not really a fan of this idea.
> > 
> > 
> > me neither
> > 
> > >* Patch the issue myself, as a debian patch, and package the thing with it.
> > 
> > unmaintainable on the long run
> > 
> > 
> > >* Fork the project (it's BSD 2-Clause license), patch it, and provide it 
> > >as>   a personnal work, with credit to the original author.
> > 
> > 
> > if you want to fork, consider that this might be a lot time consuming
> > 
> 
> ping :)

Hello,

I'm still considering the idea, but your remarks are really relevant. As I
will clearly have no time for that until march 2018 at the best, I think
we'd better close the RFS and reset the things as they were.

-- 
PEB


signature.asc
Description: PGP signature

Bug#848416: closing RFS: pyvtk/0.5.18-1 [ITA]

[Pierre-Elliott Bécue]

Le vendredi 19 mai 2017 à 09:57:22+, Gianfranco Costamagna a écrit :
> 
> Hi,
> 
> >Since I had no news I got to do other things but I'm eager to
> >fetch new version of the package if any and repackage it.
> >
> >Are you still interested in?
> 
> 
> yes, if you still need the package!

I theoretically do because it'd offer a basic vtk support in python3 that
VTK currently do not provide (at least in debian). That said, I'm concerned
regarding the current state of the project.

As for an example, I submitted a bug report in december regarding issues for
python3 support[1], and no answer came.

I suspect that the author of the project moved to something else.

I then have three solutions:

 * Package the thing with this actual bug, but as far as I'm concerned I
   consider it as grave, so I'm not really a fan of this idea.
 * Patch the issue myself, as a debian patch, and package the thing with it.
 * Fork the project (it's BSD 2-Clause license), patch it, and provide it as
   a personnal work, with credit to the original author.

What do you think about this?

Cheers,

-- 
PEB

[1] https://github.com/pearu/pyvtk/issues/10

Bug#848416: closing RFS: pyvtk/0.5.18-1 [ITA]

[Pierre-Elliott Bécue]

Le lundi 08 mai 2017 à 12:57:08+0200, Gianfranco Costamagna a écrit :
> control: reopen -1
> control: tags -1 moreinfo
> control: owner -1 !
> 
> > Package pyvtk has been removed from mentors.
> > 
> 
> I would like to sponsor this package, any news?

Hey,

Since I had no news I got to do other things but I'm eager to
fetch new version of the package if any and repackage it.

Are you still interested in?

Cheers,

-- 
PEB


signature.asc
Description: PGP signature

Bug#848416: RFS: pyvtk/0.5.18-1 [ITA]

[Pierre-Elliott Bécue]

Le mardi 27 décembre 2016 à 22:11:38+, Sean Whitton a écrit :
> Hello Pierre,
> 
> On Tue, Dec 27, 2016 at 06:04:58PM +0100, Pierre-Elliott Bécue wrote:
> > Le lundi 26 décembre 2016 à 20:38:42+, Sean Whitton a écrit :
> > > control: tag -1 +moreinfo
> > > 
> > > Dear Pierre,
> > > 
> > > Thank you for your interest in adopting this package.
> > > 
> > > Unfortunately, your work has not been properly integrated with what is
> > > already in Debian:
> > > 
> > > - you marked version 0.4.74-4 as released but it was never uploaded
> > 
> > True. Yet, it is in the team repo.
> 
> The changelog tracks the Debian archive.  You should merge the existing
> 0.4.74-4 changelog entry with your changes.

0.4.74-4 is not in the debian archive, only in the team repo. How should I
merge exactly?

> > 
> > Actually, it is included. The commit is just hidden in the history of the
> > team git repository for an unknown reason. See commit
> > 53434cf161a64ab9ac1578fec3613cce20ed451b and merge commit
> > 6fd4d560cf1f1f25a581a28a3c0a93ebd3159386. I added manually the changelog
> > that has been truncated in the merge.
> 
> Sorry, my fault, thanks for fixing up the changelog in your upload.

No worries, you're welcome. :)

> > > - your work is not pushed to the team git repository
> > 
> > I have no permission to push.
> 
> Have you asked to join the team?

I don't feel that I've done enough to get permissions, maybe my
interpretation is wrong.

-- 
PEB


signature.asc
Description: PGP signature

Bug#848416: RFS: pyvtk/0.5.18-1 [ITA]

[Pierre-Elliott Bécue]

Le lundi 26 décembre 2016 à 20:38:42+, Sean Whitton a écrit :
> control: tag -1 +moreinfo
> 
> Dear Pierre,
> 
> Thank you for your interest in adopting this package.
> 
> Unfortunately, your work has not been properly integrated with what is
> already in Debian:
> 
> - you marked version 0.4.74-4 as released but it was never uploaded

True. Yet, it is in the team repo.

> - you haven't included the NMU 0.4.74-3.1

Actually, it is included. The commit is just hidden in the history of the
team git repository for an unknown reason. See commit
53434cf161a64ab9ac1578fec3613cce20ed451b and merge commit
6fd4d560cf1f1f25a581a28a3c0a93ebd3159386. I added manually the changelog
that has been truncated in the merge.

> - your work is not pushed to the team git repository

I have no permission to push.

-- 
PEB


signature.asc
Description: PGP signature

Bug#848416: RFS: pyvtk/0.5.18-1 [ITA]

[Pierre-Elliott Bécue]

Package: sponsorship-requests
Severity: normal

Dear mentors,

This RFS is linked to an ITA. See bug #795017
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795017) for more
information regarding this package.

I am looking for a sponsor for my package "pyvtk"

 * Package name: pyvtk
   Version : 0.5.18-1
   Upstream Author : Pearu Peterson <pearu.peter...@gmail.com>
 * URL : https://github.com/pearu/pyvtk
 * License : BSD-3-Clause
   Section : python

It builds those binary packages:

 * python-pyvtk - Module for manipulating VTK files
 * python3-pyvtk - Module for manipulating VTK files - Python3 library

To access further information about this package, please visit the following 
URL:

https://mentors.debian.net/package/pyvtk

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/p/pyvtk/pyvtk_0.5.18-1.dsc

Changes since the last upload (extracted from NEWS.txt written by the author of
the library):

 * Added Python 3 support (thanks to Thomas Kluyver).
 * Maintain the package (thanks to Thomas Kluyver and David Froger).
 * Development is moved under Github.

Regards,

-- 
Pierre-Elliott Bécue

Bug#819681: RFS: python-django-gravatar2/1.4.0-1 [ITP]

[Pierre-Elliott Bécue]

Le mercredi 20 avril 2016 à 09:07:14+0200, Pierre-Elliott Bécue a écrit :
> Le mercredi 20 avril 2016 à 08:49:27+0200, Nicolas Dandrimont a écrit :
> > Tiago, when replying to a RFS, please use the bug report rather than the
> > mailing list.
> > 
> > * Tiago Ilieve <tiago.my...@gmail.com> [2016-04-12 03:23:50 -0300]:
> > 
> > > > When I tried to dput I've been refused it because 1.4.0-1 was already 
> > > > on the
> > > > server. That's the only way I found. Maybe I did something wrong.
> > > 
> > > Maybe you uploaded again before mentors.d.n processed the first
> > > upload? There's an waiting time ("How long will it take until my
> > > upload is available to sponsors?" from its Q[5]) between the upload
> > > and the package actually being available in there. I'm suggesting this
> > > because mentors.d.n even store different versions of the package, even
> > > when you did not bump its version. You can always use the delete
> > > button from its web interface as well.
> > 
> > Please don't.
> > 
> > Pierre-Elliott, please post full error messages when you have an issue, not
> > your interpretation of the message. You probably got tripped by the fact 
> > that
> > dput leaves a .upload file along your .changes to avoid double uploads. You 
> > can
> > either remove the .upload file or use dput -f to bypass that check.
> > 
> > No need to bump the revision number (which might end you up forgetting to
> > upload the original tarball) or removing the package from mentors.d.n (which
> > will remove history).
> > 
> > Bye,
> 
> Oh, well, understood, I missed that.
> 
> Thanks for the hint, should I reupload the package with -1 version, after
> fixing the changelog? From where I stand that looks awkward but I'm eager to
> follow any suggestion.

Dear mentors,

Apologies for this bump, but I still got no anwser for this package. So I'm
trying again, in hope that somebody who missed this submission will get
interested in. :)

Cheers!

-- 
PEB


signature.asc
Description: PGP signature

Re: Bug#819681: RFS: python-django-gravatar2/1.4.0-1 [ITP]

[Pierre-Elliott Bécue]

Le mercredi 20 avril 2016 à 08:49:27+0200, Nicolas Dandrimont a écrit :
> Tiago, when replying to a RFS, please use the bug report rather than the
> mailing list.
> 
> * Tiago Ilieve  [2016-04-12 03:23:50 -0300]:
> 
> > > When I tried to dput I've been refused it because 1.4.0-1 was already on 
> > > the
> > > server. That's the only way I found. Maybe I did something wrong.
> > 
> > Maybe you uploaded again before mentors.d.n processed the first
> > upload? There's an waiting time ("How long will it take until my
> > upload is available to sponsors?" from its Q[5]) between the upload
> > and the package actually being available in there. I'm suggesting this
> > because mentors.d.n even store different versions of the package, even
> > when you did not bump its version. You can always use the delete
> > button from its web interface as well.
> 
> Please don't.
> 
> Pierre-Elliott, please post full error messages when you have an issue, not
> your interpretation of the message. You probably got tripped by the fact that
> dput leaves a .upload file along your .changes to avoid double uploads. You 
> can
> either remove the .upload file or use dput -f to bypass that check.
> 
> No need to bump the revision number (which might end you up forgetting to
> upload the original tarball) or removing the package from mentors.d.n (which
> will remove history).
> 
> Bye,

Oh, well, understood, I missed that.

Thanks for the hint, should I reupload the package with -1 version, after
fixing the changelog? From where I stand that looks awkward but I'm eager to
follow any suggestion.

-- 
PE


signature.asc
Description: PGP signature

Re: Bug#819681: RFS: python-django-gravatar2/1.4.0-1 [ITP]

[Pierre-Elliott Bécue]

Le jeudi 07 avril 2016 à 17:45:27-0300, Tiago Ilieve a écrit :
> Pierre-Elliott,
> 
> On 7 April 2016 at 12:27, Pierre-Elliott Bécue <be...@crans.org> wrote:
> > You're right, but I'm an "explicit is better than implicit guy". :)
> 
> I guess this is not a case of "explicit vs. implicit". Imagine the
> entire line as an URL:
> 
> https://github.com/P-EB/python-django-gravatar2.git%20-b%20master
> 
> Of course you wouldn't have a problem if you copy-and-pasted it
> (before escaping the spaces) on the command line, as the "-b master"
> would be interpreted as arguments to "git clone". But, if you copy and
> pasted on another client, e.g. a GUI Git client (which I've seen
> people using), the URL may be interpreted like above (after escaping)
> and the cloning process will fail.
> 
> Not to mention that this is expected to be in machine-readable form,
> which may not be aware that someone is passing Git command line
> arguments along the URL.

In that case, if the main branch wasn't `master` the issue would be the
same, yet you'd need the `-b` option. That's my view of explicit V.S.
implicit, you'd have something working based on an assumed behaviour.

> > I thought it'd be better to keep them, but, okay.
> 
> They are mostly related to building projects written in C, so there's
> little use for a pure-Python one, as you are not "saving them for
> later".

Yeah, I agree.

> > I'm not in fond of PYBUILD_NAME thing since I met a lot of trouble with it.
> > If that's recommended I'll put it but I'm more a ".install" files guy.
> 
> Imagine that you would be doing by hand what is expected to be
> automated by Pybuild.

Actually, truth is when I answered to you I forgot one main reason I
switched to .install files : this variable was messing with my package
mailman3-core{,-doc}, which name didn't contain python/python3 in front. So
I thought this variable was more an issue that a help, but for a library, it
works fine, so I can use it directly and avoid .install files.

> > I do not have any issue to build multiple times, but I'll follow your
> > advice.
> 
> Are you building with pbuilder or something like that? I've used
> dpkg-buildpackage and it complained in the second time I ran it.

sbuild.

> > I'm really uncomfortable with tests un packaging for python apps, but I can
> > try to remove the override. Anyway, I'm using pybuild, hence the pypi
> > package fits better and a good way to have a snapshot of upstream's work.
> 
> Why uncomfortable with tests in packaging? They can help to make sure
> that newer versions aren't introducing regressions.

My first packages didn't contain any tests. The first one with tests I had
was mailman3-core, which needs for the tests running a basic mailman3 server
installed, this is not really compatible with the way the tests are done in
packaging.

This one is a django library, that requires settings to be installed. Same
issue.

I tried to deal with these, but it's really painful. So either there is a
way for django packages to do it properly or I'd rather not do the test part
in the packaging process.

> I didn't understood why PyPI packages would fit better than snapshots
> (tarball releases) from the upstream repository.

It allows to check for updates in an easier way and I don't see any benefit
in taking sources from upstream page instead of using pypi.

> On 7 April 2016 at 12:51, Pierre-Elliott Bécue <be...@crans.org> wrote:
> > I uploaded a new version of the package. It should be visible soon, and
> > accessible also via
> >
> > dget -x 
> > http://mentors.debian.net/debian/pool/main/p/python-django-gravatar2/python-django-gravatar2_1.4.0-2.dsc
> 
> You shouldn't bump the version of the package yet, as it was never
> uploaded to the archive. Until the first upload, it will be "X.Y.Z-1",
> no matter how many changes you did to it. Then you can bump the
> version in the following revisions, but only after every upload, not
> after every change in the packaging work.

When I tried to dput I've been refused it because 1.4.0-1 was already on the
server. That's the only way I found. Maybe I did something wrong.

> P.s.: I've seen that you pushed changes with "--force" to the Git
> repository. Please don't do that when you already shared it with other
> people. They will not be able to merge/pull easily (as there are
> annoying merge conflicts in the changed files) and will be harder to
> analyze what you really did (which is the primary feature of every
> version control system), as there will be no visible difference in the
> history.

Yeah, that was to have a clean history, but I admit this practice is rude.
I'll definitely avoid it.

-- 
PE

Re: Bug#819681: RFS: python-django-gravatar2/1.4.0-1 [ITP]

[Pierre-Elliott Bécue]

Le jeudi 07 avril 2016 à 17:27:45+0200, Pierre-Elliott Bécue a écrit :
> Le jeudi 07 avril 2016 à 10:39:22-0300, Tiago Ilieve a écrit :
> > Hi Pierre-Elliott,
> > 
> > On 7 April 2016 at 07:03, Pierre-Elliott Bécue <be...@crans.org> wrote:
> > > Dear mentors,
> > >
> > > So far it appears that I got no reply. I'm trying a small bump in hope 
> > > that
> > > somebody will get interested because of my motivation, or that somebody 
> > > that
> > > missed my first mail will see this one! :)
> > 
> > I can't sponsor your package as I have no upload rights, but reviewed it:
> 
> Thanks!
> 
> > debian/control:
> > * Standards-Version: we are on 3.9.8 since yesterday;
> 
> Saw that, will update
> 
> > * Vcs-Git: there's no need for "-b master", as this is the default
> > branch anyway;
> 
> You're right, but I'm an "explicit is better than implicit guy". :)
> 
> > * ${shlibs:Depends} can be dropped from the "Depends:" field of each
> > binary package, as this isn't need for Python packages;
> 
> True that.
> 
> > * Architecture: "all" instead of "any" on each binary package.
> 
> God, I can't believe I'm still doing that mistake.
> 
> > debian/copyright:
> > * Copyright for Tristan Waddington is 2011-2015;
> > * Copyright for Pierre-Elliott Bécue is 2016;
> > * Why did you choose GPL-2+ for the packaging work? As said here
> > before[1], this can be a problem, as this license is more restrictive
> > than the upstream work, which is MIT.
> 
> Ok for copyrights, I took the one from pypi. As for GPL-2+, It's a usual
> practice of me, will put MIT.
> 
> > debian/rules:
> > * Please clean up the file a little, removing (most of) the commented lines;
> 
> I thought it'd be better to keep them, but, okay.
> 
> > * Add "export PYBUILD_NAME=django-gravatar2"[2]. That's the reason why
> > you probably ended up with empty binary packages and needed to add
> > custom "*.install" files.
> 
> I'm not in fond of PYBUILD_NAME thing since I met a lot of trouble with it.
> If that's recommended I'll put it but I'm more a ".install" files guy.
> 
> > python3-django-gravatar2.docs and python-django-gravatar2.docs:
> > * The preferred format for additional documentation is HTML (Debian
> > Policy Manual, § 12.4). If you want to ship the contents of the
> > "README.rst" file you probably want to do this after converting them
> > to HTML (e.g. using Sphinx).
> 
> Will work on it this evening.
> 
> > python3-django-gravatar2.install and python-django-gravatar2.install:
> > * Unneeded files that should be removed.
> 
> See above.
> 
> > Additional suggestions:
> > 
> > * Please create a "debian/source/options"[3] file with
> > 'extend-diff-ignore="^[^/]+\.egg-info/"'. Otherwise you can't build
> > the package more than one time because dpkg-source will complain about
> > modified files.
> 
> I do not have any issue to build multiple times, but I'll follow your
> advice.
> 
> > * Is there a reason why you packaged the tarball from PyPI and not a
> > tarball from the upstream repository[4]? I'm asking this because
> > there's an override for "override_dh_auto_test" (avoiding it), when
> > the upstream repository contains tests that would be nice to bring to
> > the Debian package as well.
> 
> I'm really uncomfortable with tests un packaging for python apps, but I can
> try to remove the override. Anyway, I'm using pybuild, hence the pypi
> package fits better and a good way to have a snapshot of upstream's work.
> 
> > I hope this helps you to find a sponsor.
> 
> Thank you very much for all these advice.

I uploaded a new version of the package. It should be visible soon, and
accessible also via

dget -x 
http://mentors.debian.net/debian/pool/main/p/python-django-gravatar2/python-django-gravatar2_1.4.0-2.dsc

-- 
PEB

Re: Bug#819681: RFS: python-django-gravatar2/1.4.0-1 [ITP]

[Pierre-Elliott Bécue]

Le jeudi 07 avril 2016 à 10:39:22-0300, Tiago Ilieve a écrit :
> Hi Pierre-Elliott,
> 
> On 7 April 2016 at 07:03, Pierre-Elliott Bécue <be...@crans.org> wrote:
> > Dear mentors,
> >
> > So far it appears that I got no reply. I'm trying a small bump in hope that
> > somebody will get interested because of my motivation, or that somebody that
> > missed my first mail will see this one! :)
> 
> I can't sponsor your package as I have no upload rights, but reviewed it:

Thanks!

> debian/control:
> * Standards-Version: we are on 3.9.8 since yesterday;

Saw that, will update

> * Vcs-Git: there's no need for "-b master", as this is the default
> branch anyway;

You're right, but I'm an "explicit is better than implicit guy". :)

> * ${shlibs:Depends} can be dropped from the "Depends:" field of each
> binary package, as this isn't need for Python packages;

True that.

> * Architecture: "all" instead of "any" on each binary package.

God, I can't believe I'm still doing that mistake.

> debian/copyright:
> * Copyright for Tristan Waddington is 2011-2015;
> * Copyright for Pierre-Elliott Bécue is 2016;
> * Why did you choose GPL-2+ for the packaging work? As said here
> before[1], this can be a problem, as this license is more restrictive
> than the upstream work, which is MIT.

Ok for copyrights, I took the one from pypi. As for GPL-2+, It's a usual
practice of me, will put MIT.

> debian/rules:
> * Please clean up the file a little, removing (most of) the commented lines;

I thought it'd be better to keep them, but, okay.

> * Add "export PYBUILD_NAME=django-gravatar2"[2]. That's the reason why
> you probably ended up with empty binary packages and needed to add
> custom "*.install" files.

I'm not in fond of PYBUILD_NAME thing since I met a lot of trouble with it.
If that's recommended I'll put it but I'm more a ".install" files guy.

> python3-django-gravatar2.docs and python-django-gravatar2.docs:
> * The preferred format for additional documentation is HTML (Debian
> Policy Manual, § 12.4). If you want to ship the contents of the
> "README.rst" file you probably want to do this after converting them
> to HTML (e.g. using Sphinx).

Will work on it this evening.

> python3-django-gravatar2.install and python-django-gravatar2.install:
> * Unneeded files that should be removed.

See above.

> Additional suggestions:
> 
> * Please create a "debian/source/options"[3] file with
> 'extend-diff-ignore="^[^/]+\.egg-info/"'. Otherwise you can't build
> the package more than one time because dpkg-source will complain about
> modified files.

I do not have any issue to build multiple times, but I'll follow your
advice.

> * Is there a reason why you packaged the tarball from PyPI and not a
> tarball from the upstream repository[4]? I'm asking this because
> there's an override for "override_dh_auto_test" (avoiding it), when
> the upstream repository contains tests that would be nice to bring to
> the Debian package as well.

I'm really uncomfortable with tests un packaging for python apps, but I can
try to remove the override. Anyway, I'm using pybuild, hence the pypi
package fits better and a good way to have a snapshot of upstream's work.

> I hope this helps you to find a sponsor.

Thank you very much for all these advice.

-- 
PEB

Re: Bug#819681: RFS: python-django-gravatar2/1.4.0-1 [ITP]

[Pierre-Elliott Bécue]

Le jeudi 31 mars 2016 à 21:02:04+0200, Pierre-Elliott Bécue a écrit :
> Package: sponsorship-requests
> Severity: wishlist
> 
> Dear mentors,
> 
> I am looking for a sponsor for my package "python-django-gravatar2".
> 
>  * Package name: python-django-gravatar2
>Version : 1.4.0-1
>Upstream Author : Tristan Waddington
>  * URL : https://github.com/twaddington/django-gravatar
>  * License : MIT
>Section : python
> 
> It builds those binary packages:
> 
>   * python-django-gravatar2 - Python2 library that provides essential
> Gravatar support
>   * python3-django-gravatar2 - Python3 library that provides essential
> Gravatar support
> 
> To access further information about this package, please visit the
> following URL:
> 
> http://mentors.debian.net/package/python-django-gravatar2
> 
> Alternatively, one can download the package with dget using this
> command:
> 
> dget -x 
> http://mentors.debian.net/debian/pool/main/p/python-django-gravatar2/python-django-gravatar2_1.4.0-1.dsc
> 
> More information about django-gravatar2 can be found on the github's
> page of the project.  I already tried to look for sponsorship on DPMT
> mailing list, without success so far.
> 
> Regards,

Dear mentors,

So far it appears that I got no reply. I'm trying a small bump in hope that
somebody will get interested because of my motivation, or that somebody that
missed my first mail will see this one! :)

Cheers!

-- 
PEB


signature.asc
Description: PGP signature

Bug#819681: RFS: python-django-gravatar2/1.4.0-1 [ITP]

[Pierre-Elliott Bécue]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "python-django-gravatar2".

 * Package name: python-django-gravatar2
   Version : 1.4.0-1
   Upstream Author : Tristan Waddington
 * URL : https://github.com/twaddington/django-gravatar
 * License : MIT
   Section : python

It builds those binary packages:

  * python-django-gravatar2 - Python2 library that provides essential
Gravatar support
  * python3-django-gravatar2 - Python3 library that provides essential
Gravatar support

To access further information about this package, please visit the
following URL:

http://mentors.debian.net/package/python-django-gravatar2

Alternatively, one can download the package with dget using this
command:

dget -x 
http://mentors.debian.net/debian/pool/main/p/python-django-gravatar2/python-django-gravatar2_1.4.0-1.dsc

More information about django-gravatar2 can be found on the github's
page of the project.  I already tried to look for sponsorship on DPMT
mailing list, without success so far.

Regards,

-- 
Pierre-Elliott Bécue