Debian Perl Group - Open tasks
It should have an up to date list of open tasks, please remove completed tasks; for documentation please add links to the History section below (instead of adding them in between the tasks here).
Policy / issues for discussion (DebConf BoF)
- Finding and integrating new members: Do we need to do more/something different?
Mentoring of the Month might provide ideas.
Multiarch for arch-dep module packages. See https://lists.debian.org/msgid-search/20140827105025.GE5797@riva.ucam.org
- Patches and git: explore, discuss, maybe decide on other ways than quilt (e.g. git-debcherry).
RM candidates (usertagged "rm-candidate"):
Leaf package with RC Bugs
Note: let's deprecate this section once we're done with what's in there, and instead use the "rm-candidate" usertag (see above).
Ping upstream means tell them we are going to remove it from Debian unstable in 3 weeks if no action. New forwarded reports should wait 3 months until the next step.
Leaf means either 0 or $few rdeps
Here is a template mail used by Dom:
Dear Maintainer, The Debian perl group is reviewing packages with bugs which make them un-releasable; in particular when they are not heavily used by Debian users. We would like to remove such modules from Debian if we don't think they are likely to be fixed. Module::Packaged is one such module, owing to this bug, and we would like to know whether you have any plans to look at the bug in the foreseeable future before we remove the package from Debian. If we don't hear anything we will remove the package from Debian on or around 23rd February. This of course does not affect the standing of your module on CPAN. Thank you for maintaining this module so far!
List of tasks that need to be performed on all/many of our packages; or maintenance tools ...
QA: cast to pointer from integer of different size: file bugs/fix (http://lists.debian.org/debian-perl/2012/02/msg00029.html, https://qa.debian.org/bls/bytag/I-pointer-cast-size-mismatch.html)
Unify our debian/watch files, esp. all the variants how uversionmangle is used. [Or not. Too much variance, no clear "best" option, too little gain]
Check all libapp-*-perl (and potentially other) packages for real applications whose (binary) packages should rather be named foo instead of libapp-foo-perl.
All those packages likely also need to moved outside the perl section, i.e. into utils, misc, text, devel, etc.
- Known packages affected by this:
- After the jessie release and after perl adds versioned provides: simplify (build-) depends on dual-lifed modules.
- Add/check autopkgtests to all packages.
- autopkgtests: autopktest 4.0 changed tools and variables. Our tools, documentations, ... should be adapted and ideally made backward compatible if CI is running on autopkgtest version older than 4.0.
- Move code to Perl modules in pkg-perl-tools so we can easily reuse them in other packages and tools:
pkg-perl-tools/scripts/debian-upstream vs. DhMakePerl::Command::Packaging::create_upstream_metadata
823067: dh-make-perl: please split Debian::Control into a separate binary package
pkg-perl-tools/scripts/upstream-repo should be cleaned up and/or rewritten in perl
Review status of NO_NETWORK=1: build vs. autopkgtest (add to all debian/tests/pkg-perl/smoke-env? reverse logic? ...) Cf. 858290
- [DONE for *NO_NETWORK*=1, 2017-08-03, gregoa]
(not exclusively a pkg-perl topic but still)
To be done:
- list (and possibly implement -- in Python) features we need in PET:
- track patches
- show all versions in archive / all suites
- ci.debian.net (#786664)
- duck.debian.net (at least nice to have)
- update-watch likes to hang
- timelimit(1) ?
- pet should program an alarm and kill the jobs itself
Alioth project: https://alioth.debian.org/projects/pet/
pet-devel mailing-list: https://alioth.debian.org/mail/?group_id=100210
PET project's repo: git+ssh://git.debian.org/git/pet/pet3.git
- find a co-maintainer for dh-make-perl
- continue breaking it into isolated modules
- improve POD coverage
- combine dh-make-perl's "refresh" with cme's update functionality
- Rewrite packagecheck (in Perl, modular, maybe not only for pkg-perl)
packagecheck provides some function of "cme check dpkg". It may be better to improve dpkg model taking into account our needs (dod)
- a lintian vendor profile exists now in pkg-perl-tools; list of things we could want to add there:
- uploading d/changelog with unresolved TODO / WAITS-FOR / IGNORE-VERSION / etc.
- boilerplate README
- metacpan URLs
- watchfile regexp
unversioned perl in Depends:
- not using cgit in Vcs-Browser:
cf. TODO in pkg-perl-tools source package
lintian use warnings FATAL => 'all' check (see rationale and details).
Check RFP/ITP packages
- Yearly cleanup (remove packages from Git that were injected but never finished for upload)
Check packages not uploaded for more than 6 years using the sort_unreleased_packages.pl script. (6 years because there's a quite sharp edge. The cleanup in December 2013 found about 30 packages not uploaded for > 6 years, but 120 packages last uploaded between 5 and 6 years.)
- [Last check: December 2013, XTaran]
Run duck in all git repositories and check the errors it found. Do not rely to much on the duck website as it only checks the state of packages in the archive, and many issues are already fixed or were only added in the git repositories.
[Last check: May 2015, XTaran]
Yearly Alioth project member ping: send a ping (Do you still want to be a member?) to those who haven't done something for $time, and remove those who reply with No or who don't reply. In order to get a more realistic picture, and maybe also to remove unnecessary permissions.
on Alioth: in /home/groups/pkg-perl/scripts: run ./find-inactive-contributors build and ./find-inactive-contributors info > ~/inactive-contributors-ping.csv
download inactive-contributors-ping.csv to local scripts.git checkout, inactive-contributors-ping/ directory e.g.
optionally use @debian.org for non -guest accounts, e.g. run perl -i.orig -pe 's/users\.alioth\.// unless /-guest,/' inactive-contributors-ping.csv
check/update inactive-contributors-ping.yaml config/template in inactive-contributors-ping/ directory
make sure you have python3-gnupg installed and $GPG_AGENT_INFO set, then use the mail-merge script, as: ../mail-merge inactive-contributors-ping.yaml inactive-contributors-ping.csv
which will drop mails into a new subdirectory named <msg-id from the template>.d
send them out (use your alioth shell account if your local MTA can't): for file in <msg-id from the template>.d/*; do /usr/lib/sendmail -ti < $file; done
Additionally: remove them from Uploaders in all packages, e.g. with mass-commit and cme dpkg-control modify source Uploaders:-~"/foo/"
- [Last check: 2017-09-15, alexm]
Run 'dpt get-ubuntu-packages | sort -u | dpt lp-mass-subscribe' (scripts located in scripts/ directory in pkg-perl git repository) to subscribe our Launchpad team, ~pkg-perl-maintainers to all bugs concerning packages we maintain. This script must be run by a Launchpad team administrator.
- [Last run: 2017-08-01, gregoa]
Check for packages which don't have Debian Perl Group in its Maintainer field: http://pkg-perl.alioth.debian.org/qa/maintainers.txt
- [Last check: 2014-11-21, alexm]
Check in PET for repos with missing (not pushed) tags, and ping people. Ping template:
PET shows that $PACKAGE is missing tags, could you run "dpt push" or "git push --all; git push --tags" from your working copy?
- [Last check: 2017-08-01, gregoa]
Check for newer upstream versions of packages before removing them from the archive (see 818222 and 824905). Also check for unpublished changes in our git repository before removing a package, for a similar reason
When a new Perl hits unstable
Change some (build) dependencies ("libFOO-perl (>= x.y) | perl (>= 5.1x)"
Then fix all the "package-superseded-by-perl.html" Lintian warnings.
cme fix dpkg -from control -filter Depends, with mass-commit in our script repo
- When perl 5.n is released, file RM bugs for packages which have FTBFS bugs since 5.(n-2).
When oldstable is archived
Update (build) dependencies. E.g. once Lenny is archived, there's no need for "perl (>= 5.10.1) | libFOO-perl ()" anymore, or to depend on versions of packages that are already satisfied in current stable.
cme fix dpkg -from control -filter Depends, with mass-commit in our script repo
Review/remove Breaks/Replaces against package versions that are not even in oldstable. (Not (yet?) in cme fix.)
List of tasks that need to be (better) documented and promoted to get wider adoption:
autopkgtest: pkg-tool-autopkgtest exists, autopkgtest understands Testsuite: autopkgtest-pkg-perl, ci.debian.net will pick up perl packages. time to document and use it.
Documentation available at http://pkg-perl.alioth.debian.org/autopkgtest.html (ntyni++)
- group-specific lintian checks are not widely known.
- Integrating upstream git repos into our workflow: the tools are there, we need to document/advertise/use them.
Announcement mail for both lintian and dpt-*.
Things that would be nice to do, often repetitive. Can be done globally, or every time you work on a specific package.
- Forward all (non Debian specific) patches upstream and add the CPAN RT ids to the patch headers [tools: 'dpt forward' exists (ghedo++), patchedit exists (jozef++)]
Fix common lintian-errors repo-wide (e.g. errors from pod2man, missing patch descriptions, ...) - some stuff fixed, other is more easily fixed by "dh-make-perl --refresh" on the next upgrade ...
Nice to have, some day
Get rid of inc/ directories in all pkg-perl packages and use Build-Depends instead.
- inc directories usually have old copies of modules already packaged in Debian
- it's difficult to be sure if they're unmodified copies or not
the $VERSION stated in the modules inside inc directories cannot be trusted, as local modifications could have been performed
Write team-specific questions for NM templates (Enrico's mail).
- Random ideas: fix a Perl bug, update a Perl package to the group standards, adopt a package into the Perl group.
NM tasks for teams -- found in an even older mail from Enrico
Find issues with Perl::Critic
Using Perl::Critic to find issues in Perl modules (e.g. 2-arg open, etc.) as suggested by Paul Wise during sprint in Lloret 2017.
Run perlcritic (and maybe other linters) over new/updated Perl code introduced to Debian (cf. check-all-the-things)
Make a report of modules affected by default perl-critic config with --noprofile to avoid running untrusted code
Tweak perl-critic config
- Identify potential security issues and review code:
qx and ``
system, sysopen, popen, open, open2, open3 without lists
open with pipes
- If ever possible have a script to determine which Modules should be checked first.
- Talk with upstream about deprecating all these things.