Hi Guillem (2024.10.05_01:32:45_+)
> > 1. sigstore https://docs.sigstore.dev/
>
> Although I've heard of this before, I never really checked what is
> the actual design behind it, and its implications.
I'm new to all this too, but I can answer some of those questions from
my own reading:
> I
Hi!
On Fri, 2024-10-04 at 18:21:01 +, Stefano Rivera wrote:
> Picking up a thread that started on debian-python@lists.debian.org:
> https://lists.debian.org/msgid-search/14198883.O9o76ZdvQC@galatea
>
> Upstreams that care about supply chain security have been building
> mechanisms to authenti
* Stefano Rivera: "Alternative signature mechanisms for upstream source
verification" (Fri, 4 Oct 2024 18:21:01 +):
[...]
> Should we expand this to include some of these new mechanisms?
> Things brought up in the debian-python thread include:
> 1. sigstore https://docs.sigstore.dev/
> 2.
Control: tags -1 moreinfo
Carsten,
On Friday, October 4, 2024 11:18:04 AM MST Carsten Schoenert wrote:
> the Python policy hasn't received updates and adjustments for years; a lot
> of things are a bit outdated, e.g. how to handle Python2 based packages.
>
> The part Sandro was referring to is §4.3
On Fri, 04 Oct 2024 at 09:41:45 -0700, Soren Stoutner wrote:
> The bug report doesn’t explain exactly what aspect doesn’t
> comply with the policy, but I assume it comes down to python3-trezor
> installing to the following two directories, which have disparate names:
>
> /usr/lib/python3/dist-pa
Picking up a thread that started on debian-python@lists.debian.org:
https://lists.debian.org/msgid-search/14198883.O9o76ZdvQC@galatea
Upstreams that care about supply chain security have been building
mechanisms to authenticate their releases, beyond PGP signatures.
For example, Python started pro
Hello Soren,
On 04.10.24 at 18:41, Soren Stoutner wrote:
When I adopted this package, there was an existing bug report [1] claiming
that the existing binary package name needs to be changed to comply with
Python Policy. The bug report doesn’t explain exactly what aspect doesn’t
comply with th
Carsten,
On Friday, October 4, 2024 8:09:14 AM MST Carsten Schoenert wrote:
> On 03.10.24 at 07:10, Soren Stoutner wrote:
> > Sandro,
> >
> > I have just taken over maintenance of python-trezor and would like to
> > rectify
> > this problem. As I have never renamed a python binary package, I wo
Hello Soren,
On 03.10.24 at 07:10, Soren Stoutner wrote:
Sandro,
I have just taken over maintenance of python-trezor and would like to rectify
this problem. As I have never renamed a python binary package, I would like
to make sure I handle it correctly.
I can see the package is indeed insta
Control: tags -1 + upstream moreinfo
Control: forwarded -1
https://github.com/projectmallard/mallard-ducktype/issues/21
On Fri, 04 Oct 2024 at 11:22:32 +0100, Colin Watson wrote:
> While pkg_resources is indeed deprecated upstream, there's nothing that
> we can sensibly do about it at the Debian
On Thu, 03 Oct 2024 at 15:54:16 +, James Addison wrote:
> I'd like to request an upload of the src:meson-python package, in
> particular to close bug #1076806, a reproducibility bug related to
> documentation copyright notices
Done, but I'm curious why making this particular package reproducib
11 matches