#debian-qa log

12:14:44 <zack> #startmeeting
12:14:44 <MeetBot> Meeting started Fri Jan  2 12:14:44 2015 UTC.  The chair is zack. Information about MeetBot at http://wiki.debian.org/MeetBot.
12:14:44 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
12:14:51 <zack> #topic debsources opw - next meeting
12:15:05 <zack> meeeting next week, same hour, is good for you?
12:15:09 <sophiejjj> good
12:15:15 <zack> (matthieu should also be back by then)
12:15:20 <KGB-0> 03Holger Levsen 05master c45dda5 06jenkins.debian.net 10bin/reproducible_common.sh reproducible: dont display negative number of untested packages
12:15:33 <zack> #agreed next meeting Fri Jan 9th, usual time
12:15:41 <zack> #topic debsources opw - weekly review
12:15:49 <zack> let's start with the weekly review then
12:15:52 <sophiejjj> sure
12:16:06 <zack> first item is #761121, the symlink bug
12:16:17 <zack> I've integrated a modified version of your patch, which seems to work fine
12:16:21 <zack> have you looked at it?
12:16:58 <sophiejjj> yes. I had a look.
12:17:06 <sophiejjj> http://anonscm.debian.org/cgit/qa/debsources.git/commit/?id=5b7c61714f1c9cc68ef9255f91666d3c55d85c28
12:17:23 <sophiejjj> will the raise Http403error be triggered?
12:17:47 <zack> yes, if a symlink points to ../../../ enough times to leave the current package/version, it will return 403
12:17:56 <zack> I've tried it by hand, but it would be nice to have a test for that
12:18:22 <sophiejjj> yes. that's the case.
12:18:31 <zack> do you want to work on adding a test for it?
12:18:44 <sophiejjj> but for absolute links, e.g., /opt/my/pass
12:19:00 <sophiejjj> sure.
12:19:05 <sophiejjj> I will add a trello card.
12:19:24 <zack> so, I didn't try that, but in principle that would give a dest path that will fail the .startswith() test
12:19:47 <zack> please add that case to the test as well
12:19:56 <zack> do you know how to test this?
12:20:09 <sophiejjj> tempfile?
12:20:16 <zack> exactly
12:20:31 <zack> as the test data does not contain a "dangerous" symlink, you will have to create one on the fly
12:20:36 <sophiejjj> zack: why /var/go will trigger 403error?
12:20:51 <sophiejjj> I think it will fall into the condition "startswith"
12:21:02 <sophiejjj> I will test it later.
12:21:19 <zack> because "/var/go" does not start with "/srv/debsources/...."
12:21:35 <zack> but of course I could be wrong :), so please double-test my code
12:22:06 <sophiejjj> dest = os.path.normpath ( os.path.join (os.path.dirname(locatioin.sources_path, ..) ) ...
12:23:43 <zack> well, let's not waste our meeting time discussing this
12:23:53 <zack> I will change the item you created to be more explicit
12:24:13 <sophiejjj> I've moved the trello card
12:24:18 <zack> yes, but that's not enough
12:24:30 <zack> what you will have to do this week is to add a test for the insecure case
12:24:40 <zack> (the *secure* case is already tested)
12:24:41 <sophiejjj> yes. I modified the descriptioin.
12:24:58 <zack> ok, sorry, didn't see that
12:25:14 <zack> but seeing the change directly in the title is better, because you'll see that without having to open the item
12:25:22 <sophiejjj> nods.
12:25:28 <zack> anything else on this item?
12:25:38 <sophiejjj> nothing I think.
12:25:42 <zack> cool
12:25:49 <zack> so, next one is "test coverage >= 85%"
12:25:56 <zack> any progress on that?
12:26:12 <sophiejjj> did you see my last mail on this?
12:26:24 <zack> yes, as far as I can tell I'm still waiting for an updated patch from you
12:26:34 <sophiejjj> The missing coverage on infobox are basically exception.
12:26:55 <sophiejjj> If that style is ok, I'd like to add all the tests to the newly created Testcase
12:27:06 <zack> I've answered that question already: saying that the style is fine
12:27:14 <zack> and you said you will send an updated patch
12:27:15 <sophiejjj> oops. didn't notice that.
12:27:30 <zack> you said "I will cover the remain if the style is good, and you can apply them at once." :)
12:28:02 <zack> anyway: yes, the style is fine, please go ahead
12:28:08 <sophiejjj> yes. that's my last my email. cool
12:28:19 <zack> how far are we from 85%?
12:28:38 <sophiejjj> didn't see the exact number. Just trying to cover file by file
12:28:45 <zack> ok
12:28:51 <zack> I've a small suggestion
12:28:53 <sophiejjj> yes
12:29:06 <zack> have a general look at all lines that are currently not covered
12:29:10 <zack> and try to select the most interesting ones
12:29:19 <sophiejjj> got it.
12:29:25 <sophiejjj> for the *importerror* thing
12:29:32 <zack> testing exceptions is of course fine, but maybe there are more important parts of the code that are not being tested
12:29:34 <sophiejjj> I read the pep, but still no idea how to hack on that.
12:29:48 <zack> which PEP?
12:30:16 <sophiejjj> http://legacy.python.org/dev/peps/pep-0302/
12:30:32 <zack> don't waste time on that import
12:30:38 <zack> as I've mentioned in email, it is only temporary
12:30:53 <zack> it will go away when we switch to the werkzeug version of debian jessie
12:30:53 <sophiejjj> got it.
12:31:10 <sophiejjj> just wondering how people test on that.
12:31:30 <zack> ok, so please move the test coverage card to next week
12:31:51 <sophiejjj> done.
12:32:05 <zack> btw, here http://nedbatchelder.com/code/coverage/excluding.html there seems to be a tip
12:32:12 <zack> on how to explicitly exclude line from coverage reports
12:32:23 <zack> (I haven't tried it though, please do)
12:32:25 <sophiejjj> aha. that's ignore them.
12:32:31 <sophiejjj> got it.
12:32:48 <zack> so, next item is the language override
12:32:56 <zack> which is done, right?
12:33:00 <sophiejjj> yup.
12:33:06 <zack> great, one less to care about :)
12:33:09 <zack> please archive the card
12:33:17 <zack> (and that's a great feature, btw!)
12:33:25 <sophiejjj> done
12:33:40 <zack> next one is showing symlink destination in "ls -l", any progress?
12:33:52 <sophiejjj> http://snag.gy/5jamw.jpg
12:34:00 <sophiejjj> is that style ok?
12:34:07 <zack> awesome! :)
12:34:24 <zack> as minor comments:
12:34:32 <zack> - why multiple spaces before the "->"
12:34:43 <zack> - and why "->" instead of, say, a unicode arrow like "→"
12:35:04 * sophiejjj just didn't know that.
12:35:21 <zack> no worries, it's just minor stylistic details, really
12:35:24 <sophiejjj> zack: to tell the truth
12:35:41 <sophiejjj> I fought for hours on how to make several spaces.
12:35:53 <zack> but why do you want several spaces?
12:36:05 <sophiejjj> to make things less clutterred.
12:36:21 <zack> well, "ls -l" does one space, and the output is quite readable
12:36:27 <zack> just go for one space :)
12:36:29 <sophiejjj> got it.
12:36:48 <zack> so, do you have a patch ready for that?
12:37:10 <sophiejjj> not yet. modify the space, merge the origin, and make the patch.
12:37:15 <zack> ok, great
12:37:25 <zack> let's move it to next week, but of course if it's ready before, even better :)
12:37:39 <sophiejjj> moved.
12:37:43 <zack> awesome
12:37:50 <zack> next item is copyright.d.n basic structure
12:37:53 <zack> what's the status there?
12:38:18 <sophiejjj> get an overall idea on that.
12:38:37 <zack> do you want me to comment on some draft structure?
12:38:46 <sophiejjj> after reading the spec, much should be borrowed from debsouces.
12:38:53 <sophiejjj> sure.
12:39:09 <zack> a comment on that
12:39:21 <zack> please note that we should not "borrow" (in the sense of copy-pasting) anywhing from debsources
12:39:22 <KGB-0> 03Holger Levsen 05master 89afec4 06jenkins.debian.net 10bin/reproducible_scheduler.sh reproducible: try harder to schedule (many) packages without .buildinfo files
12:39:33 <zack> the new web app will sit side-by-side, in the same Git repo *with* debsources
12:39:44 <zack> so it will be able to directly use the debsources code, wherever needed
12:39:46 <zack> ok?
12:39:53 <sophiejjj> aha. but the functionality looks mostly the same.
12:40:16 <sophiejjj> got it.
12:40:28 <zack> well, you can think of it like this:
12:40:39 <zack> it is just new functionalities that we want to add to debsources
12:40:40 <zack> but
12:40:42 <sophiejjj> the only part that needs totaly written from bottom up is the spec parser .
12:40:52 <zack> we also want the ability to deploy it to a different website, hence we use the blueprint structure
12:40:57 <sophiejjj> yes
12:41:01 <sophiejjj> to make it more portable.
12:41:04 <zack> sophiejjj: not even that, the parser already exists, it's in python-debian
12:41:20 <zack> we should only "connect the dots", basically
12:41:26 <sophiejjj> aha. got it.
12:41:38 <zack> ok, so, let's move the item to next week
12:41:39 <sophiejjj> written by you?
12:42:03 <zack> the parser has been written by John Wright, I've contributed some patches only
12:42:12 <zack> (but yes, I'm co-maintainer of python-debian)
12:42:30 <zack> #topic debsources opw - new stuff
12:42:39 <zack> what else do you want to pick on for next week?
12:42:51 <zack> I've made some suggestions moving stuff to the top of the "backburner" list
12:43:28 <zack> the suite-based navigation one would be nice
12:43:57 <sophiejjj> ok. I am going to move it.
12:44:02 <sophiejjj> done.
12:44:23 <zack> is the goal of that bug clear to you? or do you need some explanations?
12:44:36 <sophiejjj> not yet.
12:44:40 <sophiejjj> let me have a read.
12:46:31 <sophiejjj> got it.
12:46:51 <zack> ok, great
12:47:09 <sophiejjj> a confirmation.
12:47:13 <zack> sure
12:47:49 <zack> what is it?
12:47:54 <sophiejjj> if I click on jessie on the page of http://sources.debian.net/src/postfix/ , basically the url becomes to http://sources.debian.net/suite/jessie/postfix/
12:47:55 <sophiejjj> right?
12:48:19 <zack> let me re-read the bug report first :)
12:48:38 <sophiejjj> so all and only all the postfix under jessie will be shown?
12:49:09 <sophiejjj> hmm. that seems two tickets.
12:49:22 <sophiejjj> the first one is just to implement http://sources.debian.net/suite/jessie/prefix/d/
12:49:27 <zack> so, yes, there are 2 separate requests in the bug report
12:49:31 <zack> exactly
12:49:32 <sophiejjj> the second is what I mentioned above.
12:49:51 <zack> let's make them 2 separate cards them, so that it is clearer what you're working on
12:49:57 <zack> I suggest to start with the first one, which looks easier
12:50:05 <sophiejjj> got it.
12:50:11 <zack> cool
12:50:50 <zack> then I've also just added "inject binary package metadata", but only so that you start *looking* at it
12:50:57 <zack> to understand what you'll need to touch to address it
12:51:03 <zack> is that OK with you?
12:51:16 <sophiejjj> sure.
12:51:22 <zack> great
12:51:26 <zack> as a  brief explanation
12:51:33 <zack> thus far you've basically only touched the web app part of debsources
12:51:41 <zack> but there is important work to be done also on the updater
12:51:54 <zack> and that bug is the first one in which you will probably have to touch that code
12:51:56 <sophiejjj> the updater is always a mysterious land for me.
12:52:04 <zack> eh, I imagined that :)
12:52:25 <zack> so let's take it slowly, for this week just try to figure out what will need to be changed for #761083
12:52:37 <zack> and of course, I'm always available if you've questions
12:52:47 <sophiejjj> awesome.
12:52:55 <zack> #topic debsources opw - miscellanea
12:53:06 <zack> any other questions/doubts/blockers?
12:53:17 <sophiejjj> not yet.
12:53:27 <zack> I love the "yet" ;)
12:54:04 <zack> so, can we end the meeting?
12:54:08 <sophiejjj> oh. one thing.
12:54:26 <zack> sure
12:54:38 <sophiejjj> sometimes I got lost in git. Is 'git diff' instead of 'git formatted patch' acceptable?
12:54:50 <zack> ok, so:
12:54:52 <zack> actually no
12:55:02 <zack> I think it is important you get familiar with "git format-patch"
12:55:15 <zack> because it is way easier for who receives the patch
12:55:27 <zack> did you read my tip on how to avoid getting lost with merges and the like?
12:55:38 <sophiejjj> yes. but you said rebase on the origin/master.
12:55:49 <zack> yes, git fetch + git rebase origin/master
12:56:09 <zack> did you try that?
12:56:14 <sophiejjj> didn't do that. I will have a try. I've plenty of opportunity on that.
12:56:26 <sophiejjj> ;)
12:56:30 <zack> great :)
12:56:38 <zack> feel free to ask on IRC if you get lost
12:56:47 <sophiejjj> could I send a patch via mutt as attachment?
12:56:52 <zack> oh, sure
12:57:04 <zack> git format-patch + mutt with the obtained 000X files as attachment
12:57:25 <sophiejjj> the git sendmail creates unnecessary threads on my gmail, too horrible
12:57:38 <zack> I even *prefer* patches as attachments to git send-email :)
12:57:55 <zack> so, feel free to abandon git send-email; I don't care about it
12:58:08 <sophiejjj> got it.
12:58:18 <zack> anything else?
12:58:25 <sophiejjj> I guess nothing.
12:58:29 <zack> so...
12:58:31 <zack> #endmeeting