• Re: Bug#1090897: ITP: python-sigstore-protobuf-specs -- Python bindings

    From Simon Josefsson@21:1/5 to Simon Josefsson on Sat Dec 21 00:40:02 2024
    Hi,

    I would appreciate packaging review of:

    https://salsa.debian.org/python-team/packages/python-sigstore-protobuf-specs

    Some questions/concerns:

    - Same concern about using PyPI tarballs as for the other packages: some
    files are missing compared to upstream's GitHub repository. Maybe
    this is actually common for Python packages, and understanding this is
    part of my learning curve. But it still feels surprising to me, and a
    bit sub-optimal from a supply-chain safety point of view: which
    hosting site to rely on? PyPI that publishes tarballs, or GitHub who
    (should) hold the source code used to generate the tarballs? How to
    detect when these differ? What to do about it?

    /Simon

    Simon Josefsson <simon@josefsson.org> writes:

    Package: wnpp
    Severity: wishlist
    Owner: Simon Josefsson <simon@josefsson.org>
    X-Debbugs-Cc: debian-devel@lists.debian.org, debian-python@lists.debian.org

    * Package name : python-sigstore-protobuf-specs
    Version : 0.3.3
    Upstream Author : The Sigstore Authors
    * URL : https://github.com/sigstore/protobuf-specs
    * License : Apache-2
    Programming Lang: Python
    Description : Python bindings for Sigstore's protocol buffer (protobuf) specs

    These are the Python language bindings for Sigstore's protobuf specs.

    I plan to maintain this package as part of the Python team:

    https://salsa.debian.org/python-team/packages/python-sigstore-protobuf-specs

    Work in progress will hopefully be found here:

    https://salsa.debian.org/jas/sigstore-protobuf-specs
    https://salsa.debian.org/jas/protobuf-specs

    /Simon
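
One way to approach the "how to detect when these differ" question raised above, as an added example that is not part of the original post: hash every file in the PyPI sdist and in an export of the upstream repository, then report files present on only one side and files whose content differs. The function names and the in-memory sample archives are constructed for illustration; in practice both archives would be downloaded first.

```python
import hashlib
import io
import tarfile

def file_digests(archive_bytes):
    """Map each regular file's path (top-level directory stripped) to its SHA-256."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # skip directories, symlinks and other non-regular entries
            # sdists unpack to "name-version/", repository exports use another prefix
            _, _, relpath = member.name.partition("/")
            data = tar.extractfile(member).read()
            digests[relpath] = hashlib.sha256(data).hexdigest()
    return digests

def compare_archives(sdist_bytes, vcs_bytes):
    """Report files missing from either side and files whose content differs."""
    sdist, vcs = file_digests(sdist_bytes), file_digests(vcs_bytes)
    common = sdist.keys() & vcs.keys()
    return {
        "only_in_sdist": sorted(sdist.keys() - vcs.keys()),
        "only_in_vcs": sorted(vcs.keys() - sdist.keys()),
        "differing": sorted(p for p in common if sdist[p] != vcs[p]),
    }

def make_tar(prefix, files):
    """Build an in-memory .tar.gz (helper for the constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(f"{prefix}/{path}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

# Constructed inputs: a repository export, and an sdist that dropped the tests,
# gained a generated metadata file, and carries one modified source file.
VCS = make_tar("example-src", {"pyproject.toml": b"[project]\n",
                               "pkg/__init__.py": b"x = 1\n",
                               "tests/test_pkg.py": b"assert True\n"})
SDIST = make_tar("example-0.0.1", {"pyproject.toml": b"[project]\n",
                                   "pkg/__init__.py": b"x = 2\n",
                                   "PKG-INFO": b"Name: example\n"})
REPORT = compare_archives(SDIST, VCS)
print(REPORT)
```

Entries under `only_in_sdist` and `only_in_vcs` are often benign (generated metadata, omitted tests), while anything under `differing` is a file that exists in both places with different content and is the part that needs review.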

