[Bug 2007279] Re: [MIR] libdigest-md5-file-perl & libswitch-perl (dependency of devscripts)
Christian Ehrhardt
2007279 at bugs.launchpad.net
Wed Mar 1 09:40:17 UTC 2023
Review for Package: libdigest-md5-file-perl
Hmm, another package not touched in ages, so one can think it is stable
or neglected?
In any case this isn't much code, but just being 400 lines it has
plenty of code duplication (all _, _hex, _base64 could be unified)
and plenty of whitespace damage which does not increase confidence.
This is again used for a rater small change which might be resolved with less
dependencies [1].
[1]:
https://salsa.debian.org/debian/devscripts/-/commit/f50644205a5fdd1d9ca91bdf01c98ba364a80d15
MIR team NACK
Please have a look at implementing this without perl-dependency-proliferation
and propose it to devscripts on Salsa.
[Duplication]
What does it provide?:
1. md5 of files, but Digest::file can deal with that just fine
https://perldoc.perl.org/Digest::file
This can be just one line without this module
https://stackoverflow.com/a/53016159/6361589
This is part of base perl and thereby preferred
2. md5 for url, doing that directly would be just one line more
https://stackoverflow.com/questions/13679914/perl-get-md5-hash-of-a-fetched-file
libwww-perl already is in the dependencies of devscripts and in main.
Using that is only a minor change but saves many people one more perl
module on disk used for something that would easily work without.
... stopping evaluation here.
I might be convinced to re-consider it if there is a strong argument for
it that I have missed, but without that it really looks like a minor change in
src:devscripts that will help to:
a) keep developer system free of more perl lib sprawl on disk
b) keep the more actively supported set of libs in main under control
** Changed in: libdigest-md5-file-perl (Ubuntu)
Assignee: Christian Ehrhardt (paelzer) => (unassigned)
** Changed in: libdigest-md5-file-perl (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2007279
Title:
[MIR] libdigest-md5-file-perl & libswitch-perl (dependency of
devscripts)
Status in devscripts package in Ubuntu:
Triaged
Status in libdigest-md5-file-perl package in Ubuntu:
Incomplete
Status in libswitch-perl package in Ubuntu:
Incomplete
Bug description:
[Availability]
- The package libdigest-md5-file-perl is already in Ubuntu universe.
- The package libdigest-md5-file-perl build for the architectures it is designed to work on.
- It currently builds and works for architetcures: all
- Link to package [[https://launchpad.net/ubuntu/+source/libdigest-md5-file-perl]]
[Rationale]
- The package libdigest-md5-file-perl is required in Ubuntu main for devscripts
- The package libdigest-md5-file-perl will not generally be useful for a large part of
our user base, but is important/helpful still because it is needed by devscripts, a
package very commonly used by Debian and Ubuntu developers, and also some power users
who wish to build their own packages.
- It would be great and useful to community/processes to have the
package libdigest-md5-file-perl in Ubuntu main, but there is no definitive deadline.
[Security]
- No CVEs/security issues in this software in the past
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
not have too many, long-term & critical, open bugs
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/libdigest-md5-file-perl/+bug
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libdigest-md5-file-perl
- Upstream's bug tracker: https://rt.cpan.org/Public/Dist/Display.html?Name=Digest-MD5-File
[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
it makes the build fail, link to build log
https://launchpadlibrarian.net/514920504/buildlog_ubuntu-hirsute-amd64.libdigest-md5-file-perl_0.08-1.1_BUILDING.txt.gz
- The package does not run an autopkgtest because it is not
implemented
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Please link to a recent build log of the package
https://launchpadlibrarian.net/652669289/buildlog_ubuntu-lunar-amd64.libdigest-md5-file-perl_0.08-1.1ubuntu1_BUILDING.txt.gz
- Please attach the full output you have got from
`lintian --pedantic` as an extra post to this bug:
See the attachment libdigest-md5-file-perl.lintian.log
- Lintian overrides are present, but ok because there is a false-positive
with first-person pronoun used in the description where it is actually
the `my` syntax in Perl.
- This package does not rely on obsolete or about to be demoted packages.
- The package will not be installed by default
- Packaging and build is easy, link to d/rules
https://git.launchpad.net/ubuntu/+source/libdigest-md5-file-perl/tree/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be Foundations Team
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package was test rebuilt in PPA or sbuild recently:
https://launchpadlibrarian.net/652669289/buildlog_ubuntu-lunar-amd64.libdigest-md5-file-perl_0.08-1.1ubuntu1_BUILDING.txt.gz
[Background information]
The Package description explains the package well
Upstream Name is Digest-MD5-File
Link to upstream project https://metacpan.org/dist/Digest-MD5-File
--- --- --- --- ---
[Availability]
The package libswitch-perl is already in Ubuntu universe.
The package libswitch-perl build for the architectures it is designed to work on.
It currently builds and works for architetcures: all
Link to package [[https://launchpad.net/ubuntu/+source/libswitch-perl]]
[Rationale]
- The package libswitch-perl is required in Ubuntu main for devscripts
- The package libswitch-perl will not generally be useful for a large part of
our user base, but is important/helpful still because it is needed by devscripts, a
package very commonly used by Debian and Ubuntu developers, and also some power users
who wish to build their own packages.
- It would be great and useful to community/processes to have the
package libswitch-perl in Ubuntu main, but there is no definitive deadline.
[Security]
- No CVEs/security issues in this software in the past
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package has important open bugs:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480106
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656545
- https://rt.cpan.org/Ticket/Display.html?id=142923
[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
it makes the build fail, link to build log
https://launchpadlibrarian.net/607630437/buildlog_ubuntu-kinetic-amd64.libswitch-perl_2.17-3_BUILDING.txt.gz
- The package runs an autopkgtest, and is currently passing on
amd64 arm64 armhf ppc64el s390x, link to test logs
https://autopkgtest.ubuntu.com/packages/libswitch-perl
(i386 failed due to unmet dependencies)
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Please link to a recent build log of the package:
https://launchpadlibrarian.net/652670389/buildlog_ubuntu-lunar-amd64.libswitch-perl_2.17-3ubuntu1_BUILDING.txt.gz
- Please attach the full output you have got from
`lintian --pedantic` as an extra post to this bug:
See attachment libswitch-perl.lintian.log
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- The package will not be installed by default
- Packaging and build is easy, link to d/rules
https://git.launchpad.net/ubuntu/+source/libswitch-perl/tree/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be Foundations Team
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package was test rebuilt in PPA or sbuild recently:
https://launchpadlibrarian.net/652670389/buildlog_ubuntu-lunar-amd64.libswitch-perl_2.17-3ubuntu1_BUILDING.txt.gz
[Background information]
The Package description explains the package well
Upstream Name is Switch
Link to upstream project https://metacpan.org/dist/Switch
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/devscripts/+bug/2007279/+subscriptions
More information about the foundations-bugs
mailing list