Bug#839833: RFS: gkeyring/0.4-1 [ITP]

To: Yann Soubeyrand <yann-externe.soubeyrand@edf.fr>, 839833@bugs.debian.org
Subject: Bug#839833: RFS: gkeyring/0.4-1 [ITP]
From: Paul Wise <pabs@debian.org>
Date: Thu, 6 Oct 2016 12:49:13 +0800
Message-id: <[🔎] CAKTje6GjQ8+-8CNjPZeViq9mOyyRsO-ggkUWmpYoD57L_XsiGw@mail.gmail.com>
Reply-to: Paul Wise <pabs@debian.org>, 839833@bugs.debian.org
In-reply-to: <[🔎] 1475678786.9399.11.camel@edf.fr>
References: <[🔎] 1475678786.9399.11.camel@edf.fr>

Control: owner -1 !
Control: tags -1 + moreinfo

On Wed, Oct 5, 2016 at 10:46 PM, Yann Soubeyrand wrote:

>   dget -x https://mentors.debian.net/debian/pool/main/g/gkeyring/gkeyring_0.4-1.dsc

I intend to sponsor this.

These issues block the upload of this package:

Neither the upstream tarball nor debian/ contain a copy of the AGPLv3.
I see upstream has one in their repository, so they just need to tag a
new release and you need to update to it, or you could package the
commit that adds it. The debian/copyright file should also contain a
full copy of the AGPLv3.

These issues would be nice to fix:

The watch file is broken (see below).

I think you probably only need python rather than python-all?

The Vcs-Browser field points at the upstream repository instead of the
Debian one, please remove it or replace it.

The Vcs-Git field should be present when Vcs-Browser is pointing at a
git repository browser.

The Homepage field should point at github because of this on the launchpad page:

The project is now hosted here:
https://github.com/kparal/gkeyring
This Launchpad site is used for its Answers discussion forum only.

Remove the word Python from the description, the implementation
language isn't relevant to end users.

This command will make diffs of debian/ easier to read:

wrap-and-sort --short-indent --wrap-always --sort-binary-packages
--trailing-comma

The debian/ directory is usually licensed under the same license as upstream.

Please add some upstream metadata:

https://wiki.debian.org/UpstreamMetadata

Please get the manual page included upstream, or get documentation
included in gkeyring.py and have the manual page generated from it
using sphinx and sphinxcontrib-autoprogram/sphinx-argparse.

Please ask upstream about switching to or supporting Python 3 and then
switching to it in Debian.

Upstream is using an image for flattr, I'd suggest they drop it and
only use the existing link, otherwise HTML versions of the README.rst
will violate the privacy of people who load those HTML files. github
is mitigating that by serving all external images from github.com but
it could still occur if someone were to render the document to HTML.

Upstream may want to use signed commits tags and releases:

https://mikegerwitz.com/papers/git-horror-story
https://wiki.debian.org/Creating%20signed%20GitHub%20releases
https://wiki.debian.org/debian/watch#Cryptographic_signature_verification

Upstream may want to read our guide for upstreams:

https://wiki.debian.org/UpstreamGuide

Once the package reaches Debian, add debtags and screenshots:

https://debtags.debian.org/
https://screenshots.debian.net/

Automated checks:

lintian:

P: gkeyring source: debian-watch-may-check-gpg-signature

check-all-the-things:

$ env PERL5OPT=-m-lib=. cme check dpkg
...
Warning in 'control source Build-Depends:0' value 'debhelper (>= 9~)':
should be (>= 9) not (>= 9~) because compat is 9
...
you can try 'cme fix dpkg' to fix the warnings shown above

# check if these can be switched to https://
$ grep -rF http: .
./gkeyring.py:# http://www.gnu.org/licenses/agpl-3.0.html
./gkeyring.py:#
http://blogs.codecommunity.org/mindbending/bending-gnome-keyring-with-python-part-2/
./README.rst:You can install this tool from `PyPI
<https://pypi.python.org/pypi/gkeyring>`_ (using `pip
<http://pip.openplans.org/>`_, `setuptools
<http://peak.telecommunity.com/DevCenter/setuptools>`_ or `distutils
<http://docs.python.org/install/index.html#install-index>`_)::
./README.rst:This program is a free software, licensed under `GNU AGPL
3+ <http://www.gnu.org/licenses/agpl-3.0.html>`_.
./README.rst:.. image:: http://api.flattr.com/button/flattr-badge-large.png
./debian/copyright: along with this program. If not, see
<http://www.gnu.org/licenses/>.
./debian/copyright: along with this program. If not, see
<http://www.gnu.org/licenses/>.

# Note the missing / at the end of the URL
$ env PERL5OPT=-m-lib=. license-reconcile
FormatSpec: Cannot recognize format: Format:
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0 at
/usr/share/perl5/Debian/LicenseReconcile/App.pm line 222, <GEN0> line
3.

# This command checks style. While a consistent style
# is a good idea, people who have different style
# preferences will want to ignore some of the output.
# Do not bother adding non-upstreamable patches for this.
$ find -type f -iname '*.py' -exec pep8 --ignore W191 {} +
<lots>

$ find -type f -iname '*.py' -exec pyflakes {} +
./gkeyring.py:158: 'gtk' imported but unused

$ find -type f -iname '*.py' -exec pyflakes3 {} +
./gkeyring.py:189:26: invalid syntax
        except ValueError, e:

$ find -type f -iname '*.py' -exec pylint --rcfile=/dev/null
--msg-template='{path}:{line}:{column}: [{category}:{symbol}] {obj}:
{msg}' --reports=n {} +
<lots>

$ env PERL5OPT=-m-lib=. uscan --report-status --no-verbose
uscan warn: In watchfile debian/watch, reading webpage
  https://github.com/kparal/gkeyring/archive/ failed: 404 Not Found

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Bug#839833: RFS: gkeyring/0.4-1 [ITP]
  - From: SOUBEYRAND Yann - externe <yann-externe.soubeyrand@edf.fr>

References:
- Bug#839833: RFS: gkeyring/0.4-1 [ITP]
  - From: Yann Soubeyrand <yann-externe.soubeyrand@edf.fr>

Prev by Date: Bug#839859: marked as done (RFS: poppassd/1.8.5-4.1 [RC, NMU])
Next by Date: Processed: Re: Bug#839833: RFS: gkeyring/0.4-1 [ITP]
Previous by thread: Bug#839833: RFS: gkeyring/0.4-1 [ITP]
Next by thread: Bug#839833: RFS: gkeyring/0.4-1 [ITP]
Index(es):
- Date
- Thread