pkgsrc-Bugs archive


Re: pkg/54883: python-ecdsa 0.15 (important security update)



The following reply was made to PR pkg/54883; it has been noted by GNATS.

From: Leonardo Taccari <leot%NetBSD.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: pkg/54883: python-ecdsa 0.15 (important security update)
Date: Mon, 27 Jan 2020 14:32:57 +0100

 Hello Jonathan,
 some mostly cosmetic suggestions directly inline!
 
 js-pkgsrc%heap.zone@localhost writes:
 > [...]
 > commit 77be555f9e29d476e73ef3f4c085058b23803c22
 > Author: Jonathan Schleifer <js%nil.im@localhost>
 > Date:   Wed Jan 22 01:33:03 2020 +0100
 >
 >     py-ecdsa 0.15, includes important security updates
 >     
 >     Also switches the source from GitHub to PyPi, because for whatever
 >     reason, the archive is different. Hashes for the archive from GitHub are
 >     nowhere to be found, and I could not find a single distro that uses the
 >     archive from GitHub instead of PyPi. So instead, I used the PyPi one and
 >     compared the hashes to what Alpine has.
 >
 
 When updating packages, if possible please also provide a changelog from
 upstream.
 
 > diff --git a/security/py-ecdsa/Makefile b/security/py-ecdsa/Makefile
 > index 496eb0b8bd5..916618a7002 100644
 > --- a/security/py-ecdsa/Makefile
 > +++ b/security/py-ecdsa/Makefile
 > @@ -1,17 +1,16 @@
 >  # $NetBSD: Makefile,v 1.7 2015/06/29 17:00:00 gls Exp $
 >  
 > -DISTNAME=	python-ecdsa-0.13
 > -PKGNAME=	${PYPKGPREFIX}-ecdsa-0.13
 > +DISTNAME=	ecdsa-0.15
 > +PKGNAME=	${PYPKGPREFIX}-ecdsa-0.15
 >  EGG_NAME=	ecdsa-${PKGVERSION}
 > [...]
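 
 Review bot: the added PKGNAME line repeats the 0.15 that DISTNAME already carries, so the two can drift apart on the next update. Now that DISTNAME is ecdsa-0.15 without the python- prefix, consider `PKGNAME= ${PYPKGPREFIX}-${DISTNAME}` so the version is stated in one place only.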
 
 Unrelated to the update but I think that EGG_NAME could be removed (I
 think that defining it as ecdsa-${PKGVERSION} is also incorrect for
 possible PKGREVISION bumps), please remove it if that's the case.
 
 > diff --git a/security/py-ecdsa/PLIST b/security/py-ecdsa/PLIST
 > index 32517559708..bb716364a29 100644
 > --- a/security/py-ecdsa/PLIST
 > +++ b/security/py-ecdsa/PLIST
 > @@ -1,41 +1,75 @@
 > -@comment $NetBSD: PLIST,v 1.3 2015/06/29 17:00:00 gls Exp $
 > +@comment $NetBSD$
 >  ${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
 >  ${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
 >  ${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt
 > +${PYSITELIB}/${EGG_INFODIR}/requires.txt
 
 The extra requires.txt seems to point out that there is at least a
 missing dependency, please add py-six to DEPENDS in the Makefile.
 
 >  ${PYSITELIB}/${EGG_INFODIR}/top_level.txt
 >  ${PYSITELIB}/ecdsa/__init__.py
 > -${PYSITELIB}/ecdsa/__init__.pyc
 >  ${PYSITELIB}/ecdsa/__init__.pyo
 > [...]
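 
 Review bot: `${PYSITELIB}/ecdsa/__init__.pyc` is removed while the matching `__init__.pyo` stays as context, so the compiled-file entries for the same module no longer sit together. Please check whether the .pyc entry was dropped or re-added further down in the elided part of the hunk, and regenerate the list (for example with `make print-PLIST`) instead of editing it by hand, so that every installed file appears exactly once.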
 
 The PLIST is not sorted, please sort it.
 
 
 Thanks!
 

