Re: pyrit package

To: Marcos Fouces <marcos.fouces@gmail.com>, Sophie Brun <sophie@freexian.com>, debian-security-tools@lists.debian.org
Subject: Re: pyrit package
From: Christian Kastner <ckk@debian.org>
Date: Sun, 3 Feb 2019 19:41:41 +0100
Message-id: <[🔎] d52028ed-1ab0-cae7-d7e7-8ef10eae4f4e@debian.org>
In-reply-to: <[🔎] 7118e548-08d5-cac4-d48c-06649757c02b@gmail.com>
References: <83c6e75c-ea2e-ede8-5821-3b2d812a951a@gmail.com> <[🔎] f5f2d6fc-b2b0-c73d-bb26-871593abf2f7@debian.org> <[🔎] b74a6f38-a2ad-e80b-21e9-9638a91d33e9@freexian.com> <[🔎] da09ab60-2f5e-dc8d-cc12-59b287803cfd@debian.org> <[🔎] 7118e548-08d5-cac4-d48c-06649757c02b@gmail.com>

Hi all,

On 03.02.19 18:17, Marcos Fouces wrote:
> Hello Sophie
> 
> I already uploaded the repo [0]. I tried to merge all the work on both
> distros (Kali and Debian).
> 
> [0] https://salsa.debian.org/pkg-security-team/pyrit.git

an initial review, after having skimmed over the changes:

 * I probably would have handled the merges differently, specifically
   with regards to the stuff under debian/. There's a back-and-forth
   between undoing/ redoing changes that could have been avoided. eg:
   commits 4612353b, 9705b0be

   Tip: for big changes such as these, it often pays off to explore and
   share these on a non-master branch first ;-)

   See my proposed strategy at the bottom.

 * Other changes, such as the move from PAPT to pkg-security, and the
   changes of Vcs-* from PAPT to security, get somewhat lost on the way
   by this approach (it looks like a switch from Kali to pkg-security)

 * My changes to debian/copyright in 52e9035d got lost

 * 05_Fix-minor-spelling-errors.patch could use some more DEP3 headers,
   for example Forwarded: yes -- right after having forwarded it, which
   is a good practice to do right away ;-)

 * In debian/changelog, there's no need for the last line "Restore
   changes [resulting from this merge]": d/changelog only documents
   changes between package releases, sort of as Release Notes

   The change & restore you are referring to only happened within git,
   but that's not relevant (or even visible) to someone installing
   the package, so they shouldn't be listed


Seeing as master is only a few hours old, and hasn't been tagged yet
(and probably not even seen yet), I'd even consider rebasing master back
to 0.4.0-8 and starting the merge over, on a separate branch, and

  (1) Carrying out the upstream switch
  (2) Updating upstream to 0.5.1+gitxxx
  (3) Merging in parts of Sophie's changes (but eg: keeping out Vcs-*)
  (4) Merging in Marcos changes

And when everything is OK, merging the result from this branch into master.

However, I'm not familiar how strict pkg-security is with their repos,
and whether rebasing (even a rather harmless one, as in this case), is
strictly forbidden.

Regards,
Christian

PS: 0.4.0-8 was built successfully everywhere, so it appears that at the
minimum, that version will be in buster.

Reply to:

Follow-Ups:
- Re: pyrit package
  - From: Raphael Hertzog <hertzog@debian.org>

References:
- Re: pyrit package
  - From: Christian Kastner <ckk@debian.org>
- Re: pyrit package
  - From: Sophie Brun <sophie@freexian.com>
- Re: pyrit package
  - From: Christian Kastner <ckk@debian.org>
- Re: pyrit package
  - From: Marcos Fouces <marcos.fouces@gmail.com>

Prev by Date: Re: pyrit package
Next by Date: Request for review/upload of rhash 1.3.8-1
Previous by thread: Re: pyrit package
Next by thread: Re: pyrit package
Index(es):
- Date
- Thread