TODO for zope2.12 package?
Arnaud Fontaine
arnau at debian.org
Wed Apr 27 14:10:22 UTC 2011
Hi,
>> Also, I have a question which may sound stupid though: how do you
>> find out which Python modules to include directly into the
>> tarball and the ones which should be put into Depends field? I
>> thought it might be related to comments in the buildout recipes
>> where it is stated which module APIs are not backward compatible
>> anymore and will break... Or is it by just comparing the versions
>> in Debian and the buildout recipe, and if newer, then add them to
>> the tarball after checking that it's not actually working? Any
>> hint?
> i think this is a change remaining to be done: as far as i
> remember, we decided to not use any packaged zope eggs at all, but
> use local copies in the zope2.12 orig tarball instead for all of
> them. i guess that the variable DEB_SATISFIED in debian/rules
> controls which zope eggs are fetched by get-orig-source, and
> which are excluded. this whole exclusion code is not required if
> we use local copies of _all_ eggs. thus michael's scripts under
> debian/build-scripts can be simplified a lot.
By _all_ eggs, you mean only the Zope eggs, or even third-party
dependencies such as ClientForm and mechanize for example? The former
solution may break at some point though...
> apart from that, debian/copyright needs to be double-checked and
> the format updated.
Yes, thanks.
> and i suggest to add a debian/README.source which explains how and
> why the orig.tar.gz tarball is created, mentions our arguments
> against using packaged zope eggs, and points out that we're aware
> of the problems regarding security fixes.
Perhaps README.Debian instead as it could be useful for end-users as
well, but well, that's just a detail ;).
> once the packages are into NEW, we should send a mail to
> ftpmasters and the debian security team and ask them for their
> opinion. i fear that ftpmasters will reject our packages as long
> as we don't take the time to explain the situation in detail to
> them.
Well, I think it should be better to do it ASAP rather than waiting for
the packages to hit NEW (so we don't waste time ;))... If nobody steps
up, I will send an email to debian-release@ and debian-security@ in the
next few days.
Thanks for your email.
Cheers,
--
Arnaud Fontaine