Hello Jelmer,

I'm sorry for not replying sooner.

On Wed 04 Dec 2019 at 04:26PM +00, Jelmer Vernooij wrote:
> Thanks for the considerate e-mail; I share your concern that simply
> updating Standards-Version renders it meaningless, and should be
> avoided. I took measures to try to prevent that, and I'm interested to
> hear whether you think those are sufficient.
>
> The bot will only attempt to update the Standards-Version in a select
> set of situations where it can verify that there are no
> changes necessary to comply with the new standards version.

Great, I think we're on the same page.

> The bot currently only supports upgrades between the
> following standards versions:
>
> * 4.1.0 => 4.1.1, if debian/changelog exists
> * 4.2.0 => 4.2.1, no checks (just loosens a requirement for perl
> files)
> * 4.3.0 => 4.4.0, if the package uses debhelper
> * 4.4.0 => 4.4.1, if there is only one Vcs field and none of the file patterns
> in machine-readable debian/copyright refers to a directory[*]
>
> In all other situations, it leaves the Standards-Version field alone -
> requiring a human to deal with updating it.

Cool. That seems like the correct approach.

> These checks were implemented based on my reading of the policy
> upgrading check list [1]. I'm hoping that it can upgrade between more
> versions in the future, but of course in most situations a human will
> need to be involved.

Right.

> So while it verifies that the package is compliant with the
> newer standards version ("violations"), it does not currently check
> that there are no liberties provided by the newer version that the
> package could use ("opportunities"). E.g. it doesn't refuse to
> upgrade to 4.4.0 if there is a Vcs-Hg field without a branch specified
> in the package, where the package maintainer may have wanted to set a
> branch.
>
> I do indeed also manually review all diffs before they end up in merge
> proposals; at the time of writing I have no plans to stop doing this,
> but this is more of a QA step and consists of a fairly casual review -
> I don't expect to be spotting policy violations/opportunities
> consistently at this step.
>
> Please let me know what you think. I'm open to extending the
> number of checks (e.g. to cover for possible "opportunities" like
> setting -b on the Vcs-Hg field) or indeed to stop touching the
> Standards-Version altogether, if policy team would still prefer that.

What you are doing right now looks safe. If you extend Janitor's work
with std-ver to do more than the sort of completely verifiable updates
described above, I would be grateful if you'd share your plans with
debian-policy@lists before implementing them; we may have something
useful to say.

Thank you for thinking carefully about std-ver, and once again for your
work on the Janitor project!

--
Sean Whitton