TODO for zope2.12 package?
Jonas Meurer
jonas at freesources.org
Thu Apr 28 10:48:15 UTC 2011
Hey,
On 27/04/2011 Arnaud Fontaine wrote:
> >> Also, I have a question which may sound stupid though: how do you
> >> find out which Python modules to include directly into the
> >> tarball and the ones which should be put into Depends field? I
> >> thought it might be related to comments in the buildout recipes
> >> where it is stated which module APIs are not backward compatible
> >> anymore and will break... Or is it by just comparing the versions
> >> in Debian and the buildout recipe, and if newer, then add them to
> >> the tarball after checking that it's not actually working? Any
> >> hint?
>
> > i think this is a change remaining to be done: as far as i
> > remember, we decided to not use any packaged zope eggs at all, but
> > use local copies in the zope2.12 orig tarball instead for all of
> > them. i guess that the variable DEB_SATISFIED in debian/rules
> > controls, which zope eggs are fetched by get-orig-source, and
> > which are excluded. this whole exclusion code is not required if
> > we use local copies of _all_ eggs. thus michaels scripts unter
> > debian/build-scripts can be simplified a lot.
>
> By _all_ eggs, you mean only the Zope eggs, or even third-party
> dependencies such as ClientForm and mechanize for examples? The former
> solution may break at some point though...
Se my followup to Gaels reply.
> > and i suggest to add a debian/README.source which explains how and
> > why the orig.tar.gz tarball is created, mentions our arguments
> > against using packaged zope eggs, and points out that we're aware
> > of the problems regarding security fixes.
>
> Perhaps README.Debian instead as it could be useful for end-users as
> well, but well, that's just a detail ;).
sure, README.Debian is fine as well ;-)
> > once the packages are into NEW, we should send a mail to
> > ftpmasters and the debian security team and ask them for their
> > opinion. i fear that ftpmasters will reject our packages as long
> > as we don't take the time to explain the situation in detail to
> > them.
>
> Well, I think it should be better to do it ASAP rather than waiting for
> the packages to hit NEW (so we don't waste time ;))... If nobody steps
> up, I will send an email to debian-release@ and debian-security@ in the
> next few days.
Great, go ahead! And thanks a lot for your work on zope2.12 packages!
greetings,
jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-zope-developers/attachments/20110428/f37f05ea/attachment.pgp>
More information about the pkg-zope-developers
mailing list