[Pkg-privacy-maintainers] RFS: codecrypt, the post-quantum cryptography tool

Ximin Luo infinity0 at debian.org
Sat Mar 5 18:07:22 UTC 2016 

Miroslav Kratochvil:
> Anyway, I guess that the workflow stays mostly the same and the rest of the
> whole gbp framework with upstream branches&tags&so simply doesn't get used
> here, is it right? At least gbp-dch and similar tools kindof refuse to work
> without related branchwork.
> 

It's still preferable to use separate branches. The reason is that Debian is very release-oriented, and version you give in debian/changelog is supposed to be exactly the same tarball that was released that the Debian packaging is based on.

For example your current repo would not be suitable, because you made extra commits to the non-Debian part of your software on top of v1.7.3. The correct Debian version string in this case would be something like 1.7.3+git20160305.34ede39-1 but in practise it's easier to just stick with released versions, and use separate branches.

Easiest way forward for you probably would be to remove debian/, commit this, address the other issues (a-e) from my other emails, release 1.7.4, commit this, then you have a few options:

(a) re-insert debian/ on a separate "debian" branch and update debian/changelog to say 1.7.4-1. You should probably also add the following to debian/gbp.conf:

[buildpackage]
upstream-tree = master
debian-branch = debian

(b) keep the debian packaging files in a completely separate repo, and import your tarball releases using `gbp import-orig`. You can see [1] for an example. With this option, it would be preferable to keep this repo on Debian's infrastructure, in which case you should create an account on alioth and join our pkg-privacy group [2].

[1] https://anonscm.debian.org/cgit/pkg-privacy/packages/golang-goptlib.git/log/
[2] https://alioth.debian.org/projects/pkg-privacy/

(c) Combine (a) and (b) together, with the combined repo hosted on Debian alioth. This is a bit more complex but you can see [3] for an example:

[3] https://anonscm.debian.org/cgit/pkg-privacy/packages/obfs4proxy.git/log/

The gbp commands to run to make (c) work are a little bit more complex; take a look at upstream-vcs-tag in `man gbp-import-orig` or ask me on IRC for help.

(end stuff about repo layout)

Apart from that, everything looks great! I'm kind of impressed that your first packaging attempt didn't show up any lintian warnings/errors :) There's a few minor things to fix though:

debian/control:
- use https:// links
  - though firefox complains about insecure connection when I try to visit https://e-x-a.org/codecrypt
- add Vcs-Browser and Vcs-Git fields, be sure to use https://
- "encryption&signing" -> "encryption and signing"

debian/copyright:
- use https:// links
- "GPL-3" should instead say "LGPL-3+"

X

-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git

More information about the Pkg-privacy-maintainers mailing list