[pkg-php-pear] composer and debian

andrea rota a at xelera.eu
Thu Jun 27 20:36:17 UTC 2013 

Mathiey and David, thanks for your feedback and help:

On Wed, Jun 26, 2013 at 06:16:12PM -0400, David Prévot wrote:
[...]
> Vcs-Browser should be:
>    http://anonscm.debian.org/gitweb/?p=pkg-php/php-symfony-process.git

aaargh! :)
thanks, that's fixed now.

> >> - Have you run lintian on it? It seems long desc is probably too
> >> short. You should explain what symfoy is here.
> > 
> > thanks - i have expanded this a bit
> 
> I’ve used something slightly different for the common part, aiming to be
> understandable not only by specialists (they already know what they want):
> 
>    Description: Symfony framework - Routing component
>     Symfony is a PHP framework, a set of tools and a development
>     methodology.
> 
> I’m open to suggestions and other improvements: it would be nice if we
> could agree on something (debian-l10n-english could help us provide a
> fine wording).

your longdesc is indeed less dev-oriented and more in line with the way
upstream describe their own project. i'd say it's good.

[...]

> Furthermore among other details, I used an upstream URL for Homepage
> instead of the github source one, used something more human-readable as
> Upstream-Name, kept the same license as upstream for the packaging, and
> included a watch file,

all sounds good to me - thanks for your suggestions: i have updated my
packaging accordingly.

On Thu, Jun 27, 2013 at 12:12:47PM +0200, Mathieu Parent wrote:
> 2013/6/26 andrea rota <a at xelera.eu>:
> [...]
> > gitweb is complaining about missing tree
> > (http://anonscm.debian.org/gitweb/?p=pkg-php/php-symfony-process.git;a=tree):
> > do i need to create a master branch, or do i set the default tree
> > somewhere else?
> 
> Done:
> echo 'ref: refs/heads/debian-sid' > /git/pkg-php/php-symfony-process.git/HEAD

thanks.

[...]
> use dh_installchangelogs instead (with an override).

great, thanks.

[...]

On Thu, Jun 27, 2013 at 06:22:40PM +0200, Mathieu Parent wrote:
> 2013/6/27 David Prévot <taffit at debian.org>:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > Hi,
> >
> > Le 27/06/2013 06:17, Mathieu Parent a écrit :
> >> 2013/6/27 David Prévot <taffit at debian.org>:
> >> [...]
> >>>
> >>>>> - the tests should probably be installed
> >>>>
> >>>> you're right - there's no reason why they shouldn't be there
> >>>
> >>> Actually, I disagree here: tests may not be “secured”, and mostly aimed
> >>> to be used to verify the program (e.g. at build time) in “extreme”
> >>> conditions. Keeping tests in the executable path often opens a security
> >>> issue. So I would rather encourage you to not ship them unless a real
> >>> security audit has been performed on this code.
> >>
> >> If tests are a security risk, the code itself probably is.
> >
> > Maybe, but we’ve already witnessed real life practical issues with tests
> > in PHP code, e.g.:
> >
> >         http://owncloud.org/about/security/advisories/oC-SA-2013-005/
> 
> Oh! Unfortunately, I haven't found how it can be exploited.
> 
> >> Using test at runtime ensure everything is correct
> > […]
> >> See also : http://dep.debian.net/deps/dep8/
> >
> > Not sure these two statements are related. DEP-8 looks an empty
> > placeholder that doesn’t suggest real runtime execution (“run
> > "as-installed" tests”, “context as close as possible to a Debian
> > system”) that links to autopkgtest’s current specification (have a look
> > at the Tests-Directory definition):
> >
> > http://anonscm.debian.org/gitweb/?p=autopkgtest/autopkgtest.git;a=blob_plain;f=doc/README.package-tests;hb=HEAD
> 
> You are right. The tests are run from the source package.
> 
> I still prefer to have a package to test, rather than the source
> package (then, packaging it as a secondary package?).

ok, so all in all i would leave out the tests from the component's
library directory under /usr/share/php/Symfony for the time being.

in fact, i'm not sure why upstream mixes tests within the library code,
but if these should be shipped, it may be good to find another place in
the filesystem hierarchy for them. but i guess we could get back to this
once the first working version of these Symfony packages is in good
shape.

updated version incorporating feedback is on git.debian.org:
http://anonscm.debian.org/gitweb/?p=pkg-php/php-symfony-process.git;a=summary

best,
andrea

-- 
andrea rota

Xelera - IT infrastructures
http://xelera.eu/contact-us/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1530 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20130627/1d99019f/attachment.sig>

More information about the pkg-php-pear mailing list