TODO for zope2.12 package?

Jonas Meurer jonas at freesources.org
Mon Apr 25 16:26:34 UTC 2011 

Hey,

On 25/04/2011 Arnaud Fontaine wrote:
> Today, Gaël and me tested the  package of Zope 1.12[0] following the IRC
> meeting where it  has been decided to have a  tarball containing all the
> dependencies[1].
> 
> Besides of minor changes committed in that repository, the package seems
> to work very well as I was able to create an instance without any glitch
> (Kudos  to Michael Mulich,  Jonas Meurer,  Fabio Tranchitella  and Bernd
> Zeimetz for their great work on the package!).
> 
> So,  as I'm  quite new  to Zope  packaging, I'm  wondering what  are the
> remaining things to do before  actually uploading the package? Are there
> any remaining important issues to address?

that's great news. thanks a lot for your work as well.

> Also, I have  a question which may sound stupid though:  how do you find
> out which  Python modules to include  directly into the  tarball and the
> ones  which should  be put  into Depends  field? I  thought it  might be
> related to  comments in  the buildout recipes  where it is  stated which
> module APIs are not backward  compatible anymore and will break... Or is
> it by just comparing the versions in Debian and the buildout recipe, and
> if newer,  then add  them to  the tarball after  checking that  it's not
> actually working? Any hint?

i think this is a change remaining to be done: as far as i remember, we
decided to not use any packaged zope eggs at all, but use local copies
in the zope2.12 orig tarball instead for all of them.
i guess that the variable DEB_SATISFIED in debian/rules controls, which
zope eggs are fetched by get-orig-source, and which are excluded. this
whole exclusion code is not required if we use local copies of _all_
eggs. thus michaels scripts unter debian/build-scripts can be simplified
a lot.

appart from that, debian/copyright needs to be double-checked and the
format updated. and i suggest to add a debian/README.source which
explains how and why the orig.tar.gz tarball is created, mentions our
arguments against using packaged zope eggs, and points out that we're
aware of the problems regarding security fixes.

once the packages are into NEW, we should send a mail to ftpmasters and
the debian security team and ask them for their opinion.

i fear that ftpmasters will reject our packages as long as we don't take
the time to explain the situation in detail to them.

greetings,
 jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-zope-developers/attachments/20110425/e4bc35fd/attachment.pgp>

More information about the pkg-zope-developers mailing list