Re: DPT repositories checks/"violations" report

To: debian-python@lists.debian.org
Subject: Re: DPT repositories checks/"violations" report
From: Scott Kitterman <debian@kitterman.com>
Date: Sat, 27 Nov 2021 09:38:41 +0000
Message-id: <[🔎] 318988FB-253F-499D-9B9F-385634035A28@kitterman.com>
In-reply-to: <[🔎] CAB4XWXy2LbjWRdBt1HrJDGfveJfg6hrCd8D9W9L1jOx7sfoTOQ@mail.gmail.com>
References: <[🔎] CAB4XWXy2LbjWRdBt1HrJDGfveJfg6hrCd8D9W9L1jOx7sfoTOQ@mail.gmail.com>


On November 27, 2021 6:01:08 AM UTC, Sandro Tosi <morph@debian.org> wrote:
>Hello,
>while working on something else[1], i noticed how many of the
>repositories in the DPT salsa group are in poor shape:
>
>* missing branches
>* changes not pushed to salsa
>* general misalignment in configuration/setup/organization
>* many other small nuances
>
>[1] https://github.com/sandrotosi/debian-python-team-tracker
>
>That makes it hard to make mass work as in [1], so I thought it would
>be interesting to have a tool to evaluate the amount of issues our
>repos have, and identify such "violations" so that they can be
>addressed.
>
>That information is now available at [2].
>
>[2] https://github.com/sandrotosi/dpt-repos-check/blob/main/violations.txt
>
>please take the content with caution, as it's still an early, raw
>draft (i spot-checked some of the reported issues, but there could be
>bugs/issues) and it contains data that can be outdated (see below re
>caching); the fact that the report indicates only 43 repos are without
>violations is a bit disarming, but i think the tool tries to err on
>the side of verbosity and pedantry, with 2 level of violations (ERROR
>and WARNING) to mark which ones are the most important that require
>immediate attention vs the nice-to-have ones.
>
>The checks are under-documented, although they should be somehow
>self-explanatory. While the current format is just a text file, I plan
>on getting it converted to markdown, although I'm still not sure how
>to convey that amount of information effectively.
>
>The report is extremely intensive to generate, as it needs to make 10+
>API calls to salsa.d.o for each repository, and it gets throttled
>quite early in the run (i got away in dev by installing a cache, so
>that i could test it without hitting salsa every time, but that makes
>some info stale); for that reason, and if we decide is valuable to
>generate it periodically, i don't expect to be able to run it more
>than once a month (maybe once a week? TBD).
>
>Comments, critics and improvements are welcome.

I don't think the pypi tarball "issue" should be presumed to be a problem at all.  I wasn't paying attention to Debian when that discussion happened, but in my experience there was a lot wrong with the idea.  A properly constructed sdist is exactly what we want to build a package from.  That's almost never found on GitHub.

Scott K

Reply to:

Follow-Ups:
- Re: DPT repositories checks/"violations" report
  - From: Simon McVittie <smcv@debian.org>

References:
- DPT repositories checks/"violations" report
  - From: Sandro Tosi <morph@debian.org>

Prev by Date: DPT repositories checks/"violations" report
Next by Date: xcffib update for qtile packaging
Previous by thread: DPT repositories checks/"violations" report
Next by thread: Re: DPT repositories checks/"violations" report
Index(es):
- Date
- Thread