On 12/4/25 1:28 PM, Stefano Rivera wrote: > Package: python3-pyisomd5sum > Version: 1.2.3-5 > Severity: serious > Tags: patch > > python3-pyisomd5sum is installing its extensions directly into the > cPython stdlib. That's insane. 3rd party library modules belong in > /usr/lib/python3/dist-packages/. > > $ apt-file show python3-pyisomd5sum > python3-pyisomd5sum: > /usr/lib/python3.13/pyisomd5sum.cpython-313-x86_64-linux-gnu.so > python3-pyisomd5sum: > /usr/lib/python3.14/pyisomd5sum.cpython-314-x86_64-linux-gnu.so > > If you were using any standard build tooling, you'd automatically get > your files put in the right place, but alas... it's all hand-written in > debian/rules. > > I can at least give you an patch that let you take advantage of > pybuild. > > Stefano
Thank you for the patch. I am preparing updated packages for isomd5sum 1.2.5 and will include the port to pybuild. Please tone down the rhetoric. The package indeed does have serious incorrect behavior as you discovered, but is not "insane", as evidenced by the fact that it has not been caught in the package's *20 years* of existence, until now. If someone would have asked me if I thought it was building and installing into dist-packages from memory, I would have said of course it does. The package as a whole predates pybuild by 7 years. Identifying a serious policy issue is good. Helping contribute to the solution is very good. Berating the person you are reporting the issue to is not helpful. Thank you, Ryan
