• review for pipenv/2022.10.12-1

    From Jeroen Ploemen@21:1/5 to All on Sat Oct 22 19:40:01 2022
    hi Ileana,

    I took a look at the package update you prepared and put up for
    sponsorship in the Python team:

    * leftover boilerplate comments and examples remain throughout the
    packaging (control, rules, watch), please remove when unused.
    * changelog: isn't #941447 also fixed by the new release? See
    upstream's comment on https://github.com/pypa/pipenv/issues/4144
    * copyright:
    + packaging year bumped for venthur@debian.org but his last
    involvement actually does appear to have been in 2018; you
    probably want to add yourself instead with a 2022 entry?
    + `grep -irn --exclude-dir=debian 'copyr.*\(19\|20\)[0-9]\{2\}' *`
    turns up numerous copyright holders that are missing from
    d/copyright.
    * watch: filenamemangle introduces literal "<project>" string into
    the filename.
    * lintian:
    + numerous hits for 'extra-license-file' and
    'package-contains-documentation-outside-usr-share-doc', triggered
    by license and readme files inside vendored libs; these files
    could easily be removed during build.
    + E: pipenv: python-traceback-in-manpage is a false positive,
    please override.


    PS: I'm kind of surprised a package with this amount of vendoring
    managed to survive the ftp masters' review. Apparently, sometimes
    miracles do happen.


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ileana Dumitrescu@21:1/5 to All on Wed Oct 26 16:50:01 2022
    Hi,

    Thank you for the feedback! I made changes as you suggested. There is
    a new upstream version that I also included in the new package. New
    updates are in salsa, and I will put an RFS on the IRC channel.

    Reading debian package policy I noticed that removing files from a
    tarball for a repack (as Bastian suggested in bug #1019714) should
    require a +ds suffix, so I packaged the new version with
    2022.10.25+ds-1. Please let me know if I did this incorrectly or if
    this should not be done for this package.

    > + E: pipenv: python-traceback-in-manpage is a false positive,
    > please override.

    This did not show up in lintian with the new upstream version.

    > PS: I'm kind of surprised a package with this amount of vendoring
    > managed to survive the ftp masters' review. Apparently, sometimes
    > miracles do happen.

    I totally agree. This package is quite a mess to deal with. Hopefully
    future upstream versions do not keep changing the vendor files,
    otherwise the licensing will continue to be a nightmare. I will
    continue to monitor pipenv as they are releasing new upstreams quite frequently.

    Ileana Dumitrescu

    GPG Public Key: FA26 CA78 4BE1 8892 7F22 B99F 6570 EA01 146F 7354

  • From Jeroen Ploemen@21:1/5 to Ileana Dumitrescu on Thu Oct 27 19:20:01 2022
    On Wed, 26 Oct 2022 17:29:59 +0300
    Ileana Dumitrescu <ileanadumitrescu95@gmail.com> wrote:

    > Thank you for the feedback! I made changes as you suggested. There
    > is a new upstream version that I also included in the new package.

    Great! The copyright stuff is a chore on packages like this, so
    thanks a lot for seeing that through.

    > Reading debian package policy I noticed that removing files from a
    > tarball for a repack (as Bastian suggested in bug #1019714) should
    > require a +ds suffix, so I packaged the new version with
    > 2022.10.25+ds-1. Please let me know if I did this incorrectly or if
    > this should not be done for this package.

    Indeed, a repacksuffix is used to indicate changes were made to an
    upstream release so that's perfectly fine this way. Typically, +dfsg
    is used to signal the source was repacked for DFSG compliance reasons
    and +ds when repacking for some other reason.

    I did just notice the upstream release contains several other files
    worth considering for removal: a bunch of windows executables [1].

    > > + E: pipenv: python-traceback-in-manpage is a false positive,
    > > please override.
    >
    > This did not show up in lintian with the new upstream version.

    It seems they revamped the manpage, although the new one also earns a
    lintian hit [1], this time about a bad (missing?) 'whatis' entry.

    Lintian seems to think the source for some html file is missing, but
    at first glance that hit may well be a false positive triggered by
    some bits of javascript.


    Unrelated to any of the above, I pushed some minor changes and
    enabled the CI on salsa.


    [1]https://salsa.debian.org/python-team/packages/pipenv/-/jobs/3434663


  • From Ileana Dumitrescu@21:1/5 to All on Fri Oct 28 16:10:02 2022
    > I did just notice the upstream release contains several other files
    > worth considering for removal: a bunch of windows executables [1].

    I agree and can remove those from the source tarball too. To do that
    with the current upstream version in salsa though requires me to git
    reset, re-import the 2022.10.25+ds upstream with updated
    Files-Excluded, then add back the other commits. I have done that
    locally but this requires a force push which is not allowed for the
    debian branch since it is protected.

    Alternatively I can keep the existing upstream import (which only
    excludes get-pipenv.py and not the *.exe files) and add the new
    excluded files in debian/copyright for the next upstream import.
    Please let me know your preference on these repack options, and I will
    update accordingly.

    > Lintian seems to think the source for some html file is missing, but
    > at first glance that hit may well be a false positive triggered by
    > some bits of javascript.
    >
    > Unrelated to any of the above, I pushed some minor changes and
    > enabled the CI on salsa.

    Thanks! I noticed the false positive and since the lintian test on the
    pipeline fails, I will add a lintian-overrides file so that it can
    pass. I have not pushed that to salsa yet, but I will after hearing
    your preference with the repack.

    Ileana

  • From Bastian Venthur@21:1/5 to All on Fri Oct 28 18:20:02 2022
    Thanks for taking over!

    I totally lost interest in maintaining that package and kind of
    neglected it because of the vendoring and the package itself or rather
    its upstream. Anyways, I thought I've orphaned it a long time ago (maybe I
    forgot to do that). So thank you for taking over, I'm sure a lot of
    users will be happy!


    Cheers,

    Bastian

    --
    Dr. Bastian Venthur https://venthur.de
    Debian Developer venthur at debian org

  • From Jeroen Ploemen@21:1/5 to Ileana Dumitrescu on Sat Oct 29 09:30:01 2022
    On Fri, 28 Oct 2022 16:46:51 +0300
    Ileana Dumitrescu <ileanadumitrescu95@gmail.com> wrote:

    > > I did just notice the upstream release contains several other
    > > files worth considering for removal: a bunch of windows
    > > executables [1].
    >
    > I agree and can remove those from the source tarball too. To do that
    > with the current upstream version in salsa though requires me to git
    > reset, re-import the 2022.10.25+ds upstream with updated
    > Files-Excluded, then add back the other commits. I have done that
    > locally but this requires a force push which is not allowed for the
    > debian branch since it is protected.

    You can avoid resetting or forcing anything by increasing the
    repacksuffix. As far as both git and the tooling are concerned, that
    makes it an all new upstream version without conflicts with the
    repo's current content, so pushing to git works just fine.

    First update the excluded files in d/copyright and commit that
    change, then run with the usual 'gbp import-orig --pristine-tar
    --uscan'. When gbp asks you for the upstream version, modify the +ds
    part to +ds2 and proceed with that.


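The thread above settles on listing the bundled Windows executables in Files-Excluded before re-importing the tarball. As an added example (not code from the thread or from the pipenv packaging), this sketch finds such files by their PE header rather than by extension and prints a Files-Excluded field; the sample tarball and every file name in it are constructed.

```python
import io
import struct
import tarfile

def is_pe(f) -> bool:
    """DOS 'MZ' header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    head = f.read(0x40)
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    f.seek(e_lfanew)
    return f.read(4) == b"PE\0\0"

def find_windows_executables(tar_bytes: bytes) -> list:
    """Paths of PE binaries in the tarball, relative to the unpacked source root."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile() and is_pe(tar.extractfile(member)):
                # Files-Excluded patterns omit the top-level directory.
                hits.append(member.name.split("/", 1)[-1])
    return sorted(hits)

def files_excluded_field(paths) -> str:
    """Render the hits as a Files-Excluded field for the d/copyright header."""
    return "Files-Excluded:\n" + "".join(f" {p}\n" for p in paths)

def build_sample_tarball() -> bytes:
    """Constructed input: hypothetical file names, minimal fake PE header."""
    pe = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    members = {
        "example-1.0/README.md": b"# example\n",
        "example-1.0/vendored/lib/launcher.exe": pe,
        "example-1.0/tools/renamed_binary.dat": pe,           # PE without .exe name
        "example-1.0/notes/fake.exe": b"MZ is not enough\n",  # .exe name, not PE
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    print(files_excluded_field(find_windows_executables(build_sample_tarball())), end="")
```

Checking the header also catches prebuilt binaries that were renamed, which a `*.exe` glob alone would leave in the repacked source.
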
  • From Ileana Dumitrescu@21:1/5 to All on Mon Oct 31 15:50:01 2022
    > You can avoid resetting or forcing anything by increasing the
    > repacksuffix. As far as both git and the tooling are concerned, that
    > makes it an all new upstream version without conflicts with the
    > repo's current content, so pushing to git works just fine.
    >
    > First update the excluded files in d/copyright and commit that
    > change, then run with the usual 'gbp import-orig --pristine-tar
    > --uscan'. When gbp asks you for the upstream version, modify the +ds
    > part to +ds2 and proceed with that.

    Thanks! uscan was not quite letting me use gbp import-orig but I was
    able to update the excluded files and have uscan re-download the new
    tarball correctly. Then I just had to rename the tarball with the +ds2
    version and use gbp import-orig <path to new tarball>. Anyway that
    produced the intended result, so I pushed that along with the lintian-overrides, and the pipeline passes.

    > I totally lost interest in maintaining that package and kind of neglected
    > it because of the vendoring and the package itself or rather its upstream.
    > Anyways, I thought I've orphaned it a long time ago (maybe I forgot to do
    > that). So thank you for taking over, I'm sure a lot of users will be happy!

    No problem! I am happy to help. I added myself as an uploader also,
    and I do not think there is a need to formally orphan if the team
    still maintains it (and I will continue to upload).

    Ileana
