TODO for zope2.12 package?

Thu Apr 28 10:48:15 UTC 2011

Hey,

On 27/04/2011 Arnaud Fontaine wrote:
>     >> Also, I have a question which may sound stupid though: how do you
>     >>  find out  which  Python  modules to  include  directly into  the
>     >> tarball  and the ones which  should be put into  Depends field? I
>     >> thought it  might be related to comments  in the buildout recipes
>     >> where it is stated  which module APIs are not backward compatible
>     >> anymore and will break... Or is it by just comparing the versions
>     >> in Debian and the buildout recipe, and if newer, then add them to
>     >> the  tarball after checking  that it's not actually  working? Any
>     >> hint?
> 
>     >  i think  this is  a change  remaining  to be  done: as  far as  i
>     > remember, we decided to not use any packaged zope eggs at all, but
>     > use local  copies in the zope2.12 orig tarball  instead for all of
>     >  them.  i guess  that the  variable DEB_SATISFIED  in debian/rules
>     >  controls, which  zope eggs  are fetched  by  get-orig-source, and
>     > which are  excluded. this whole exclusion code  is not required if
>     > we  use local  copies of _all_  eggs. thus michaels  scripts unter
>     > debian/build-scripts can be simplified a lot.
> 
> By  _all_  eggs,  you mean  only  the  Zope  eggs, or  even  third-party
> dependencies such as ClientForm  and mechanize for examples?  The former
> solution may break at some point though...

Se my followup to Gaels reply.

>     > and i suggest to add a debian/README.source which explains how and
>     >  why the orig.tar.gz  tarball is  created, mentions  our arguments
>     > against using packaged zope  eggs, and points out that we're aware
>     > of the problems regarding security fixes.
> 
> Perhaps README.Debian  instead as  it could be  useful for  end-users as
> well, but well, that's just a detail ;).

sure, README.Debian is fine as well ;-)

>     >   once  the packages  are  into  NEW, we  should  send  a mail  to
>     > ftpmasters  and the  debian security team  and ask them  for their
>     > opinion. i  fear that ftpmasters will reject  our packages as long
>     > as  we don't take the time  to explain the situation  in detail to
>     > them.
> 
> Well, I think it should be better  to do it ASAP rather than waiting for
> the packages to  hit NEW (so we don't waste time  ;))... If nobody steps
> up, I will send an  email to debian-release@ and debian-security@ in the
> next few days.

Great, go ahead! And thanks a lot for your work on zope2.12 packages!

greetings,
 jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-zope-developers/attachments/20110428/f37f05ea/attachment.pgp>