[Python-modules-team] Sponsor needed for python-itsdangerous

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Apr 2 05:05:11 UTC 2013 

Hi Simon--

On 04/01/2013 04:52 PM, Simon Fondrie-Teitler wrote:

> In anticipation of mediagoblin needing itsdangerous starting with the
> next release, I've created a package for itsdangerous. I've uploaded it
> here: https://mentors.debian.net/package/python-itsdangerous

This packaging looks very good -- simple and clean :)

I'm happy to go ahead and upload it as-is if you want me to.

Reading it makes me curious about 3 questions (none of them blockers), 2
of which are about upstream.  out of curiosity:

 0) Licensing: itsdangerous.py says:

    :license: BSD, see LICENSE for more details.

   but there is no LICENSE file that i can see.  I think the intent here
(and in setup.py) is pretty clear, but i'm not sure where you got the
specifics of debian/copyright from.  Were you in touch with upstream
about which BSD license they prefer?  Or are you extrapolating from the
django codebase some of this descends from?  I'm willing to upload
because i think upstream's intent is clear, but ultimately it will be up
to the ftp-masters to make the call about whether to allow this through
the NEW queue, and having a clear story to tell about the licensing
might be helpful if there is any hiccup at that stage.

 1) Origin: there seem to be multiple sources for this code.
debian/watch suggests fetching it from pypi.org; debian/copyright says
Source: https://github.com/mitsuhiko/itsdangerous (and setup.py appears
to agree), and debian/control says Homepage:
http://pythonhosted.org/itsdangerous/ -- these can all be legitimate
sources for the code, but i'm curious how they relate to each other
upstream.

 2) Maintainership: your package lists you personally as the Maintainer:
in debian/control.  This is fine, but i'm also wondering whether you
want the backup of the python-modules-team backup or not.  If you want
to do this maintenance as part of the python-modules-team, you could
join the team on alioth [0], we could list you as Uploader: and put the
team in the Maintainer: field.  Putting the package under team
maintainership might be a little more work now (e.g. setting up an
alioth account, deciding whether to integrate with team revision
control, etc) and you can always ask folks for help and advice here
whether the package is directly listed for the team or otherwise.  And
of course, this isn't a now-or-never decision; you can always decide to
join the team later if you like, and move your projects under its
umbrella whenever it makes sense to you.

So anyway, please let me know if you want me to upload the current
version as-is, or if you want to talk further about any of the questions
above.

Thanks for your packaging work for debian!

	--dkg

[0] https://alioth.debian.org/projects/python-modules/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/python-modules-team/attachments/20130402/15968124/attachment.pgp>

More information about the Python-modules-team mailing list