Differences between revisions 413 and 417 (spanning 4 versions)
Revision 413 as of 2020-07-16 14:52:30
Size: 16607
Editor: ?GregorHerrmann
Comment: update lintian ideas
Revision 417 as of 2020-12-21 20:44:06
Size: 16827
Editor: ?GregorHerrmann
Comment: add link to 2020 BoF
Deletions are marked like this. Additions are marked like this.
Line 56: Line 56:
 * perl 5.32 transition: fix [[https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=perl-5.32-transition;users=debian-perl@lists.debian.org|related bugs]], check in [[https://gobby.debian.org/export/Teams/Perl/Perl-5.32-QA|gobby]].
Line 92: Line 93:
   * uploading d/changelog with unresolved TODO / WAITS-FOR / IGNORE-VERSION / etc.
Line 97: Line 97:
   * missing copyright year(s) in d/copyright (or big friendly warning instead of year(s), as added by dh-make-perl)    * missing copyright year(s) in d/copyright
Line 127: Line 127:
   [Last run: 2020-01-29, gregoa]    [Last run: 2020-11-06, gregoa]
Line 212: Line 212:
 * [[https://lists.debian.org/msgid-search/9f4b51a3-a081-d12f-96e7-78dc26192f0d@debian.org|Minutes]] from the meeting at DebConf in August 2020.

Debian Perl Group - Open tasks

This page collects ideas for tasks within the Teams/DebianPerlGroup. These tasks can be worked on at DebCamp, at a team sprint or might be tackled by volunteers "at home".

It should have an up to date list of open tasks, please remove completed tasks; for documentation please add links to the History section below (instead of adding them in between the tasks here).

Policy / issues for discussion (DebConf BoF)

Release-critical bugs

RM candidates (usertagged "rm-candidate"):

Leaf package with RC Bugs

Use the "rm-candidate" usertag (see above).

Leaf means either 0 or $few rdeps

Ping upstream, i.e. tell them we are going to remove it from Debian unstable in 3 weeks if no action. New forwarded reports should wait 3 months until the next step.

Here is a template mail used by Dom:

Dear Maintainer,

The Debian perl group is reviewing packages with bugs which make them un-releasable; in particular when they are not heavily used by Debian users. We would like to remove such modules from Debian if we don't think they are likely to be fixed.

Module::Packaged is one such module, owing to this bug, and we would like to know whether you have any plans to look at the bug in the foreseeable future before we remove the package from Debian.

If we don't hear anything we will remove the package from Debian on or around 23rd February. This of course does not affect the standing of your module on CPAN.

Thank you for maintaining this module so far!

Transitions

Packages/tools

List of tasks that need to be performed on all/many of our packages; or maintenance tools ...

  • bundle packages: just do it, and see what happens (notes: pkg-components, ftp-master clarification)

  • QA: cast to pointer from integer of different size: file bugs/fix (<4F304B7A.7010903@periapt.co.uk>, https://qa.debian.org/bls/bytag/I-pointer-cast-size-mismatch.html)

  • Check all libapp-*-perl (and potentially other) packages for real applications whose (binary) packages should rather be named foo instead of libapp-foo-perl.

    • All those packages likely also need to moved outside the perl section, i.e. into utils, misc, text, devel, etc.

    • Known packages affected by this:
      • libapp-termcast-perl
      • libapp-nopaste-perl
  • After the jessie release and after perl adds versioned provides: simplify (build-) depends on dual-lifed modules.
  • Add/check autopkgtests to all packages.
  • Move code to Perl modules in pkg-perl-tools so we can easily reuse them in other packages and tools:
    • pkg-perl-tools/scripts/debian-upstream vs. DhMakePerl::Command::Packaging::create_upstream_metadata

    • 823067: dh-make-perl: please split Debian::Control into a separate binary package

    • pkg-perl-tools/scripts/upstream-repo should be cleaned up and/or rewritten in perl

dh-make-perl

  • find a co-maintainer for dh-make-perl
  • continue breaking it into isolated modules
  • improve POD coverage
  • TODO

  • bugs

  • combine dh-make-perl's "refresh" with cme's update functionality

packagecheck{,.pl}

  • Rewrite packagecheck (in Perl, modular, maybe not only for pkg-perl)
    • packagecheck provides some function of "cme check dpkg". It may be better to improve dpkg model taking into account our needs (dod)

lintian profile

  • a lintian vendor profile exists now in pkg-perl-tools; list of things we could want to add there:
    • boilerplate README
    • metacpan URLs
    • watchfile regexp
    • unversioned perl in Depends:

    • missing copyright year(s) in d/copyright
    • cf. TODO in pkg-perl-tools source package

  • lintian use warnings FATAL => 'all' check (see rationale and details).

Recurring tasks

The /!\ symbol marks (sub)tasks which are temporarily broken by the alioth → salsa move (and the end of PET caused by it)

  • /!\ Check RFP/ITP packages

  • /!\ Yearly cleanup (remove packages from Git that were injected but never finished for upload)

    • retrieve the list is taken from PET ("New packages" section)

    • send the list to our mailing-list, with some deadline (example email)

    • wait until the deadline expires
    • delete the Git repositories using the remove-repository script

      • [Last cleanup started: 2017-08-01, gregoa]
  • Check packages not uploaded for more than 6 years using the sort_unreleased_packages.pl script or ltnu pkg-perl (from devscripts). (6 years because there's a quite sharp edge. The cleanup in December 2013 found about 30 packages not uploaded for > 6 years, but 120 packages last uploaded between 5 and 6 years.)

    • [Last check: December 2013, XTaran]
  • Run duck in all git repositories and check the errors it found. Do not rely to much on the duck website as it only checks the state of packages in the archive, and many issues are already fixed or were only added in the git repositories.

  • /!\ Yearly Alioth project member ping: send a ping (Do you still want to be a member?) to those who haven't done something for $time, and remove those who reply with No or who don't reply. In order to get a more realistic picture, and maybe also to remove unnecessary permissions.

    • on Alioth: in /home/groups/pkg-perl/scripts: run ./find-inactive-contributors build and ./find-inactive-contributors info > ~/inactive-contributors-ping.csv

    • download inactive-contributors-ping.csv to local scripts.git checkout, inactive-contributors-ping/ directory e.g.

    • optionally use @debian.org for non -guest accounts, e.g. run perl -i.orig -pe 's/users\.alioth\.// unless /-guest,/' inactive-contributors-ping.csv

    • check/update inactive-contributors-ping.yaml config/template in inactive-contributors-ping/ directory

    • make sure you have python3-gnupg installed and $GPG_AGENT_INFO set, then use the mail-merge script, as: ../mail-merge inactive-contributors-ping.yaml inactive-contributors-ping.csv

    • which will drop mails into a new subdirectory named <msg-id from the template>.d

    • send them out (use your alioth shell account if your local MTA can't): for file in <msg-id from the template>.d/*; do /usr/lib/sendmail -ti < $file; done

    • Additionally: remove them from Uploaders in all packages, e.g. with mass-commit and cme dpkg-control modify source Uploaders:-~"/foo/"

      • [Last check: 2017-09-15, alexm]
  • Run 'dpt get-ubuntu-packages | sort -u | dpt lp-mass-subscribe' to subscribe our Launchpad team, ~pkg-perl-maintainers to all bugs concerning packages we maintain. This script must be run by a Launchpad team administrator.

    • [Last run: 2020-11-06, gregoa]
  • /!\ Check for packages which don't have Debian Perl Group in its Maintainer field: http://pkg-perl.alioth.debian.org/qa/maintainers.txt

    • [Last check: 2014-11-21, alexm]
  • /!\ Check in PET for repos with missing (not pushed) tags, and ping people. Ping template:

    PET shows that $PACKAGE is missing tags, could you run "dpt push" or "git push --all; git push --tags" from your working copy?
    • [Last check: 2017-08-01, gregoa]
  • Fix reproducible build issues. wiki, pkg-perl-maintainer

  • Check for newer upstream versions of packages before removing them from the archive (see 818222 and 824905). Also check for unpublished changes in our git repository before removing a package, for a similar reason

When a new Perl hits unstable

When oldstable is archived

  • Update (build) dependencies. E.g. once Lenny is archived, there's no need for "perl (>= 5.10.1) | libFOO-perl ()" anymore, or to depend on versions of packages that are already satisfied in current stable.

  • cme fix dpkg -from control -filter Depends, with mass-commit in our script repo

  • Review/remove Breaks/Replaces against package versions that are not even in oldstable. (Not (yet?) in cme fix.)

Documentation/promotion

List of tasks that need to be (better) documented and promoted to get wider adoption:

  • autopkgtest: pkg-tool-autopkgtest exists, autopkgtest understands Testsuite: autopkgtest-pkg-perl, ci.debian.net will pick up perl packages.

  • group-specific lintian checks are not widely known.
  • Integrating upstream git repos into our workflow: the tools are there, we need to document/advertise/use them.
    • Announcement mail for both lintian and dpt-*.

Background tasks

Things that would be nice to do, often repetitive. Can be done globally, or every time you work on a specific package.

  • Forward all (non Debian specific) patches upstream and add the CPAN RT ids to the patch headers [tools: 'dpt forward' exists (ghedo++), patchedit exists (jozef++)]
  • Fix common lintian-errors repo-wide (e.g. errors from pod2man, missing patch descriptions, ...) - some stuff fixed, other is more easily fixed by "dh-make-perl --refresh" on the next upgrade ...

Nice to have, some day

inc/

  • Get rid of inc/ directories in all pkg-perl packages and use Build-Depends instead. Well, we have it (see Policy), but we still need a lintian check. Reasoning follow

    • inc directories usually have old copies of modules already packaged in Debian
    • it's difficult to be sure if they're unmodified copies or not
    • the $VERSION stated in the modules inside inc directories cannot be trusted, as local modifications could have been performed

NM

  • Write team-specific questions for NM templates (Enrico's mail).

    • Random ideas: fix a Perl bug, update a Perl package to the group standards, adopt a package into the Perl group.
  • NM tasks for teams -- found in an even older mail from Enrico :)

Find issues with Perl::Critic

Using Perl::Critic to find issues in Perl modules (e.g. 2-arg open, etc.) as suggested by Paul Wise during sprint in Lloret 2017.

  1. Run perlcritic (and maybe other linters) over new/updated Perl code introduced to Debian (cf. check-all-the-things)

  2. Make a report of modules affected by default perl-critic config with --noprofile to avoid running untrusted code

  3. Tweak perl-critic config

  4. Identify potential security issues and review code:
    • use lib

    • eval

    • qx and ``

    • system, sysopen, popen, open, open2, open3 without lists

    • open with pipes

  5. If ever possible have a script to determine which Modules should be checked first.
  6. Talk with upstream about deprecating all these things.

Subpages

History