Bug#985728: ITP: howdy -- Infrared Facial Authentication Module for Linux
Hey Gard, Weirdly I can't see that package locally at all. Probably because I'm on such an old distro. I'm not 100% sure if that dlib package ships with the python bindings or if it's just the C++ version. I'll look into that. If it does have python bindings then that solves the problem in its entirety. You're not too negative at all! I'm entirely new to this part of the packaging process so your feedback has been invaluable to me, so thanks a lot! With kind regards, Lem Severein On Tue, Mar 23, 2021 at 2:22 PM Gard Spreemann wrote: > > Lem Severein writes: > > > Hey Gard, > > > > Thanks for the helpful links, I fully understand your concern. > > > > I can do away with the numpy and opencv installs through the (much more > > outdated) python-numpy and python-opencv debian packages respectively. > > However, dlib does not seem to have such a package yet and having to > > maintain that would be out of scope for me. I'm only a dlib user, not a > > contributor, and i don't think it would be my place to package it. > > https://tracker.debian.org/pkg/dlib ? Or is this a different dlib? > > > However, dlib is available through pip and running that command would be > > idempotent. > > OK, but your package cannot rely on stuff installed through pip! > > > (I wrongly hit "Reply" instead of "Reply All" in my last email, thanks > for > > letting me know) > > No problem. And I hope I'm not coming across as too negative; I just > wanna make sure you're not wasting a lot of effort on packaging > something that ends up being undistributable in Debian :-) > > -- Gard >
Bug#985728: ITP: howdy -- Infrared Facial Authentication Module for Linux
Lem Severein writes: > Hey Gard, > > Thanks for the helpful links, I fully understand your concern. > > I can do away with the numpy and opencv installs through the (much more > outdated) python-numpy and python-opencv debian packages respectively. > However, dlib does not seem to have such a package yet and having to > maintain that would be out of scope for me. I'm only a dlib user, not a > contributor, and i don't think it would be my place to package it. https://tracker.debian.org/pkg/dlib ? Or is this a different dlib? > However, dlib is available through pip and running that command would be > idempotent. OK, but your package cannot rely on stuff installed through pip! > (I wrongly hit "Reply" instead of "Reply All" in my last email, thanks for > letting me know) No problem. And I hope I'm not coming across as too negative; I just wanna make sure you're not wasting a lot of effort on packaging something that ends up being undistributable in Debian :-) -- Gard signature.asc Description: PGP signature
Bug#985728: ITP: howdy -- Infrared Facial Authentication Module for Linux
Hey Gard, Thanks for the helpful links, I fully understand your concern. I can do away with the numpy and opencv installs through the (much more outdated) python-numpy and python-opencv debian packages respectively. However, dlib does not seem to have such a package yet and having to maintain that would be out of scope for me. I'm only a dlib user, not a contributor, and i don't think it would be my place to package it. The absolute minimum install would only install pre-packaged dlib through pip or compile it from source. However, dlib is available through pip and running that command would be idempotent. If apt install is aborted then pip will simply retry installing dlib the next time apt installation is attempted. If the pip dlib install goes through and postinst is called again pip will simply state that dlib is already installed. (I wrongly hit "Reply" instead of "Reply All" in my last email, thanks for letting me know) With kind regards, Lem Severein On Tue, Mar 23, 2021 at 12:51 PM Gard Spreemann wrote: > > Lem Severein writes: > > > Unfortunately the dlib compilation step is necessary to be executed on > the > > machine itself. The build automatically enables certain hardware > > accelerations, depending on system components. > > I think people would be quite upset with a d/postinst script that not > only builds third-party software (already a problem), but also reaches > out to the internet to fetch said software (without even getting into > the fact that the authenticity of the downloaded software is not > verified, which is a separate problem independent of Debian). > > Additionally, the current maintainer scripts don't look very idempotent > (Policy § 6.2 [1]). > > > If complete offline installation is a must I could move the dlib into the > > Howdy deb file. Not sure how that would work license wise. > > This sounds like a violation of Policy § 4.13 [2]. > > If the local dlib compilation is indeed a requirement for this package, > I would hazard a guess that it is not distributable in Debian. > > > [1] > https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#maintainer-scripts-idempotency > > [2] > https://www.debian.org/doc/debian-policy/ch-source.html#embedded-code-copies > > > Best, > Gard >
Bug#985728: ITP: howdy -- Infrared Facial Authentication Module for Linux
Lem Severein writes: > Unfortunately the dlib compilation step is necessary to be executed on the > machine itself. The build automatically enables certain hardware > accelerations, depending on system components. I think people would be quite upset with a d/postinst script that not only builds third-party software (already a problem), but also reaches out to the internet to fetch said software (without even getting into the fact that the authenticity of the downloaded software is not verified, which is a separate problem independent of Debian). Additionally, the current maintainer scripts don't look very idempotent (Policy § 6.2 [1]). > If complete offline installation is a must I could move the dlib into the > Howdy deb file. Not sure how that would work license wise. This sounds like a violation of Policy § 4.13 [2]. If the local dlib compilation is indeed a requirement for this package, I would hazard a guess that it is not distributable in Debian. [1] https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#maintainer-scripts-idempotency [2] https://www.debian.org/doc/debian-policy/ch-source.html#embedded-code-copies Best, Gard signature.asc Description: PGP signature
Bug#985728: ITP: howdy -- Infrared Facial Authentication Module for Linux
Lem Severein writes: > Version 3.0.0 will introduce large changes and make Howdy a lot more > mature. I think it's time to try and package it within the main debian > archive. > > I am the main developer and maintainer of this package, and i > intend to continue to support Howdy. I'm not sure in what team > this package would fit, but a sponsor would be nice. Maybe this is already covered under the discussion of the more mature version 3 coming up, but: the shenanigans going on in the postinst script (like downloading stuff from the internet) seem to me quite worrisome. Best, Gard signature.asc Description: PGP signature
Bug#985728: ITP: howdy -- Infrared Facial Authentication Module for Linux
Package: wnpp Severity: wishlist Owner: Lem Severein * Package name: howdy Version : 3.0.0 Upstream Author : Lem Severein * URL : https://boltgolt.nl/howdy * License : MIT Programming Lang: Python, C++ Description : Infrared Facial Authentication Module for Linux Howdy provides Windows Hello style authentication for Linux. Use your built-in infrared emitters and camera in combination with facial recognition to prove who you are. Based on visitor and download statistics Howdy is already used on tens of thousands of systems. Currently distributed with a PPA or deb file directly. Version 3.0.0 will introduce large changes and make Howdy a lot more mature. I think it's time to try and package it within the main debian archive. I am the main developer and maintainer of this package, and i intend to continue to support Howdy. I'm not sure in what team this package would fit, but a sponsor would be nice.
