[pkg-php-pear] [about Symfony] What's next?

Thu Jan 8 06:48:10 UTC 2015

Hi David,

On Tue, 2014-12-30 at 21:49 -0400, "David Prévot" wrote:
> Hi,
> 
> > Thus it would be great if you could push your work on [
] Symfony
> 
> It's pushed. I just quickly reviewed the Bridge and Bundle changes. There
> will also be (at least) the new VarDumper Component to handle, as well as
> ensuring the new Tests work fine (it would be nice to get them working on
> ci.debian.net this time ;).
> 

I added the php-symfony-var-dumper.

In order to have tests for 2.6.x running again, we need two new
build-dependencies. I reused the old Symfony initial packaging page on
wiki.d.o [1] to lists those. Do you have time to package them? If it is
not time-critical to you (and you are willing to give me some support),
I can can try to package at least one of them.

Regarding the failing DEP-8 as-installed tests, I'm currently unable to
reproduce the errors found in the logs on ci.d.n on my local setup. I
think I need to check my "B10autopkgtests" hook in pbuilder, in order to
being able to reproduce the fails occurring on ci.d.n.

> There are also new (base64 encoded) images in the code I've reviewed, but
> I haven't yet looked at updating d/copyright.
> 

I took care about those new images/icons. None of them were added by
SensioLabs and none of them were added under a special license, which in
turn means all were added under the terms of EXPAT. Thus no updates to
d/copyright were needed, but I updated d/licensing/image-checksums.dcf
in order to have the image-license-checker recognize the new images.

In commit 7fcd3caeff248fa100cc2abe65632efcd6829808 I added four
(versioned) provides, since upstream kind of split symfony/security
into:
symfony/security-acl
symfony/security-core
symfony/security-csrf
symfony/security-http
An alternative to this would be to package those into individual binary
packages and make the existing php-symfony-security an empty binary
package depending on all of them. But this would make packaging (yet)
more complex and I do not see a benefit worth doing so in it.

Regarding the 2.3 series of Symfony, there were three new upstream
releases (2.3.24 is current). As far as I saw, there were at least no
heavy security related issues fixed in any of the new releases (however
there were quite some fixes in the security component). Nevertheless I
would like to update the 2.3 series, but I'm unsure how this complies
with the freeze.
Is there a chance of getting a new version (without pointing out major
security issues) into the now frozen testing?

Greetings
Daniel

PS.: I just saw you updated the packaging to 2.6.3. I refreshed the
patches for it and updated the (snapshot) changelog entry accordingly.

[1] https://wiki.debian.org/PHP/SymfonyComponents

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20150108/1ef4dd17/attachment.sig>