At 2023-11-15T14:58:15+, Jeremy Stanley wrote:
> I replied to you there too, but you still never seemed to be able to
> explain... why do you need to put an OpenPGP key on the service
> you're using to upload Python packages (not Debian packages) to
> PyPI, given that PyPI doesn't support uploa
Jeremy Stanley writes:
> Or build and sign the .tar.gz, then provide the .tar.gz file to the
> upload automation on GitHub for publishing to PyPI.
Oh, yes, that would work. You'd want to unpack that tarball and re-run
the tests and whatnot, but all very doable.
--
Russ Allbery (r...@debian.or
Package: wnpp
Severity: wishlist
Owner: Josenilson Ferreira da Silva
X-Debbugs-Cc: debian-devel@lists.debian.org, nilsonfsi...@hotmail.com
* Package name: python-singledispatch-json
Version : 0.4.0
Upstream Contact: Davis-Foster
* URL : https://github.com/domdfcoding/
On 2023-11-15 16:03:54 -0800 (-0800), Russ Allbery wrote:
[...]
> Well, you *can*, but you would have to then download the .tar.gz from
> PyPI, perform whatever checks you need to in order to ensure it is a
> faithful copy of the source release, and then sign it and put that .asc
> file somewhere (
Salvo Tomaselli writes:
> I am currently not using any service to upload to pypi. But this
> requires the occasional creation and deletion of global tokens.
> The only way to avoid global tokens is to upload from github, in which
> case I can no longer sign the .tar.gz.
Well, you *can*, but you
On 2023-11-16 00:20:40 +0100 (+0100), Salvo Tomaselli wrote:
> On Wednesday 15 November 2023 15:58:15 CET, Jeremy Stanley wrote:
> > why do you need to put an OpenPGP key on the service
> > you're using to upload Python packages (not Debian packages) to
> > PyPI, given that PyPI doesn't s
Package: wnpp
Severity: wishlist
Owner: Yogeswaran Umasankar
X-Debbugs-Cc: debian-devel@lists.debian.org, kd8...@gmail.com
* Package name: python-pyrgg
Version : 1.4
Upstream Contact: Sepand Haghighi
* URL : https://github.com/sepandhaghighi/pyrgg
* License :
I wrote:
>nil...@mailbox.org wrote:
>>
>>>2. The Proton Mail web client automatically encrypts email to anyone who
>>>it has a key for. Usually, this would be a great thing, but it means
>>>that emailing 1234 at bugs.debian.org while CCing
>>>uploader_since_this_is_an_rc_...@debian.org will encryp
Hello,
I would like to add an observation tangential to your points A), explanation
to new contributors, and B) potentially advise against the use of Proton Mail
for Debian work to yield a «no, Proton Mail can be useful for some Debian
work».
In December 2022/January 2023, I found a sponsor for m
Hi,
My few smallcoins, responding to each of the proposed outcomes (even
if they were intended to be mutually-exclusive...) are:
A) Educating contributors that retaining control of their signing keys
is important seems valuable -- it seems OK to provide a few
illustrative examples of situations w
Package: wnpp
Severity: wishlist
Owner: Timo Röhling
X-Debbugs-Cc: debian-devel@lists.debian.org
* Package name: python-laszip
Version : 0.2.3
Upstream Author : Thomas Montaigu
* URL : https://github.com/tmontaigu/laszip
On 2023-11-15 11:01:35 +0100 (+0100), Salvo Tomaselli wrote:
[...]
> I was recently discussing with pypi and core python developers,
> and it seems that their take is very different than ours.
>
> It seems that pypi completely removed support for signed updates,
> and instead now verification happ
Hello,
I completely agree with you and many others in that regard. A private
key is private, and shall not be stored on a server that multiple users
might have access to and that is open to the internet, which can be compromised.
Doing this makes the attack surface substantially larger, and given the
target
Package: wnpp
Severity: wishlist
Owner: dann frazier
X-Debbugs-Cc: debian-devel@lists.debian.org
* Package name: virt-firmware
Version : 23.10
Upstream Contact: Gerd Hoffmann
* URL : https://gitlab.com/kraxel/virt-firmware
* License : GPL-2+
Programming Lang
nil...@mailbox.org wrote:
>
>>2. The Proton Mail web client automatically encrypts email to anyone who
>>it has a key for. Usually, this would be a great thing, but it means
>>that emailing 1234 at bugs.debian.org while CCing
>>uploader_since_this_is_an_rc_...@debian.org will encrypt the email tha
Hi!
On Tue, 2023-11-14 at 17:29:01 +1100, Craig Small wrote:
> What:
> Create a new package procps-base. This uses the existing procps source
> package and just enable building of pidof. procps-base will be an Essential
> package and only contain pidof.
>
> Why:
> This would bring the pidof varia
Hi!
On Thu, 2023-11-09 at 17:38:05 -0500, Benjamin Barenblat wrote:
> coreutils can link against OpenSSL, yielding a substantial speed boost
> in sha256sum etc. For many years, this was inadvisable due to license
> conflicts. However, as of bookworm, coreutils requires GPL-3+ and
> OpenSSL is Apac
Hi,
I'm new to this mailing list, having joined hoping to contribute to Debian, so
I hope you won't mind me offering my opinion here, with this being a subject
I'm quite keen on.
> On 15 Nov 2023, at 12:01, Salvo Tomaselli wrote:
>
> On Wednesday 15 November 2023 03:21:34 CET, Simon Rich
While I do think that PM generating a PGP key by default is a good
thing. Even if they are compromised, it is still better than no
encryption for the vast majority of users *as long as they are not used
for something else*.
The problem for us is that it is not possible to upload subkeys to PM,
whic
Nilesh Patra wrote on 15/11/2023 at 03:49:12+0100:
> On 15 November 2023 5:10:50 am IST, Nicholas D Steeves
> wrote:
>>On the surface, this means Proton Mail (free account) is great! And for
>>general use, I feel like we should be supportive of them; however, I'm
>>starting to wonder if we need
On 2023-11-11 09:32, Julian Andres Klode wrote:
> While libraries are dependencies of Essential packages, they
> themselves are distinctively not Essential, they are pseudo-essential.
Fair enough, but still the general point of being very careful about
what we make (pseudo-)essential is valid and
Package: wnpp
Severity: wishlist
Owner: Maytham Alsudany
X-Debbugs-CC: debian-devel@lists.debian.org, debian...@lists.debian.org
* Package name: golang-github-kr-logfmt
Version : 0.0~git20210122.19f9bcb-1
Upstream Author : Keith Rarick and Blake Mizerany
https: