hi Mahangu, I took a look at the datasette package, up for sponsorship in the Python team:
* repo: current Debian revision is already tagged on some old commit;
please don't tag until an upload has been done, see team policy.
* repo: CI not active, please enable.
* changelog: please leave the release at UNRELEASED, per team policy.
* watch: needs to handle upstream test releases, either by preventing
them from getting matched in the first place, or by properly
mangling the upstream version.
* orig tarball generated from the pristine-tar branch differs from
what uscan pulls in from github for the same upstream release:
(output from tardiff -m -s)
- .coveragerc
- .dockerignore
- .git-blame-ignore-revs
- .gitattributes
- .github
[...]
- .gitignore
- .isort.cfg
- .prettierrc
- .readthedocs.yaml
- CODE_OF_CONDUCT.md
- Dockerfile
+ PKG-INFO
- codecov.yml
+ datasette.egg-info
[...]
- datasette/vendored/pint/LICENSE
- demos
[...]
- docs
[...]
- package-lock.json
- package.json
- pytest.ini
/ setup.cfg ( 6 + /
1 -)
- test-in-pyodide-with-shot-scraper.sh
- tests/__init__.py
- tests/build_small_spatialite_db.py
- tests/conftest.py
- tests/ext.c
- tests/fixtures.py
- tests/plugins
[...]
- tests/spatialite.db
- tests/test_datasette_https_server.sh
- tests/test_templates
[...]
- tests/utils.py
* sources have a vendored copy of 'pint', already packaged in debian
as python3-pint. Please try using the packaged one, unless the
vendored copy somehow special/modified.
* copyright: what are the 2017-2024 upstream copyright years based on?
* copyright: missing info for datasette/vendored/pint.
* copyright: minified file datasette/static/cm-resize-1.0.1.min.js
does come with explicit info on the copyright holder (2017-2018
Andreas Borgen, rather than just a nickname).
* rules: no need to override dh_auto_clean just to 'rm -rf' a bunch of
files; simply list everything in d/clean instead.
* manpage: debian/datasette.1 says it's generated by help2man. Do you
actually need to keep a static copy in git, or could this file be
autogenerated on build (ensuring it's always up-to-date for the
packaged release)?
* upstream/metadata: missing link to upstream documentation.
(https://docs.datasette.io/)
* control: sorting the deps would be helpful for readability.
* control: why all the hardcoded deps on the binary pkg? You usually
shouldn't be doing that unless the substitution variable
${python3:Depends} gets things wrong.
* control: missing deps for unconditional imports of markupsafe:
datasette/tracer.py:4:from markupsafe import escape
datasette/app.py:23:from markupsafe import Markup, escape
datasette/views/base.py:8:from markupsafe import escape
datasette/views/database.py:5:from markupsafe import Markup, escape
datasette/views/database.py:8:import markupsafe
datasette/views/table.py:5:import markupsafe
datasette/handle_exception.py:8:from markupsafe import Markup
datasette/utils/__init__.py:9:import markupsafe
...which seems to be missing from install_requires in setup.py as
well; possible upstream bug?
* control: missing build-deps on pytest, pytest_asyncio, bs4,
possibly others; needed for tests. The missing pytest causes pybuild
to default to unittests, and therefore not run any tests on build
at all.
* control: setting the testsuite field to autopkgtest-pkg-pybuild is
pointless when no tests are run on build.
* control: please mark any build-deps that are only needed for
testing with <!nocheck>.
* control: possible unused build-dep on pytest-runner?
* lintian: X: datasette: application-in-library-section python
[usr/bin/datasette]
Does the datasette module see use outside of the app itself (for
example by scripts, plugins or addons), or is the whole thing an
application that just happens to be written in Python and thus
internally takes the shape of a module? In the latter case, it is
customary to install the module in a private dir (typically
/usr/share/<pkgname>/...).
Was any testing done, preferably in a somewhat clean environment (VM
or similar)? Does the whole install/uninstall code (using pip) in
datasette/cli.py actually work in Debian?
Once the above comments have been addressed, simply re-add the
package to the IRC channel topic and/or ping me by e-mail.
pgpywmlOAhgSg.pgp
Description: OpenPGP digital signature
