+approved:
+
+ o What to do with multi-suite uploads? Presumably hold in unapproved
+ and warn? Or what? Can't accept just for unstable or reject just
+ from stable.
+
+ o Whenever we check for anything in accepted we also need to check in
+ unapproved.
+
+ o non-sourceful uploads should go straight through if they have
+ source in accepted or the archive.
+
+ o security uploads on auric should be pre-approved.
+
TODO
====
+[NB: I use this as a thought record/scribble, not everything on here
+ makes sense and/or is actually ever going to get done, so IIWY I
+ wouldn't use it as gospel for the future of katie or as a TODO
+ list for random hacking.]
+
================================================================================
Actually Urgent
---------------
- o UrgencyLog stuff should minimize it's bombing out
+ o UrgencyLog stuff should minimize it's bombing out(?)
+ o Log stuff should open the log file g+w lamer
More Urgent
-----------
+
+ o helena should footnote the actual notes, and also * the versions
+ with notes so we can see new versions since being noted...
+
+ o helena should have alternative sorting options, including reverse
+ and without or without differentiaion.
+
+ o julia should sync debadmin and ftpmaster
+
+ <drow> Can't read file.: /org/security.debian.org/queue/accepted/accepted/apache-perl_1.3.9-14.1-1.21.20000309-1_sparc.katie. You assume that the filenames are relative to accepted/, might want to doc or fix that.
+
+<neuro> the orig was in NEW, the changes that caused it to be NEW were pulled out in -2, and we end up with no orig in the archive :(
+
+ o SecurityAcceptedAutoBuild doesn't handle the case of foo_3.3woody1
+ with a new .orig.tar.gz followed by a foo_3.3potato1 with the same
+ .orig.tar.gz; jennifer sees it and copes, but the AA code doesn't
+ and can't really easily know so the potato AA dir is left with no
+ .orig.tar.gz copy. doh.
+
+ o orig.tar.gz in accepted not handled properly (?)
+
+ o amber doesn't include .orig.tar.gz but it should
+
+ o permissions (paranoia, group write, etc.) configurability and overhaul
+
+ o remember duplicate copyrights in lisaand skip them, per package
+
+ o <M>ove option for lisa byhand proecessing
+
+ o rene could do with overrides
o db_access.get_location_id should handle the lack of archive_id properly
- o security.debian.org: BYHAND auto-uploading doesn't work
- o security.debian.org: BYHAND auto-uploading assumes ftp-master
+ o the whole versioncmp thing should be documented
o lisa doesn't do the right thing with -2 and -1 uploads, as you can
end up with the .orig.tar.gz not in the pool
o lisa doesn't trap signals from fernanda properly
- o cross-suite version checking
-
- Priority based; stable == 1, proposed-update == 2, etc.
-
- i.e. A package targeted for a suite, must have a higher (or
- equal) version number than anything in a suite with a lower
- priority and also must have a lower (or equal) version number
- than anything in a suite with a higher priorty. The checks are
- always "or equal to" because two seperate uploads with the same
- version will fail thanks to the file overwrite errors (at least
- ignoring potato) and multi-suite uploads (e.g. "stable
- unstable") need to work.
-
- o jenna sucks
-
- o queued and/or perl on sparc stable sucks
+ o queued and/or perl on sparc stable sucks - reimplement it.
o aj's bin nmu changes
o trap fernanda exiting
o distinguish binary only versus others (neuro)
- o change utils.copy to try rename() first
-
o cache changes parsed from ordering (careful tho: would be caching
- .changes from world writable incoming, not holding)
+ .changes from world writable incoming, not holding); katie should
+ certainly be using .katie files, not parsing changes, that's just
+ silly.
o katie doesn't recognise binonlyNMUs correctly in terms of telling
who their source is; source-must-exist does, but the info is not
Less Urgent
-----------
+ o Accept "," as a seperator in -a, -s etc. args
+
+ o change utils.copy to try rename() first
+
+ o [hard, long term] unchecked -> accepted should go into the db, not
+ a suite, but similar. this would allow katie to get even faster,
+ make madison more useful, decomplexify specialacceptedautobuild and
+ generally be more sane. may even be helpful to have e.g. new in the
+ DB, so that we avoid corner cases like the .orig.tar.gz disappearing
+ 'cos the package has been entirely removed but was still on
+ stayofexecution when it entered new.
+
o Logging [mostly done] (todo: rhona (hard), .. ?)
o jennifer is leaking file descriptors..
o the tar extractor class doesn't need to be redone for each package
- o interrupting of stracing jennifer causes exceptions errors from apt_inst calls
-
o reverse of source-must-exist; i.e. binary-for-source-must-not-exist
o REJECT reminders in shania.
o fernanda should check for conflicts and warn about them visavis priority [rmurray]
o auto-purge out-of-date stuff from non-free/contrib so that testing and stuff works
o doogie's binary -> source index
- o Add urgency + installed date to the DB for aj/testing (? still needed ?)
o jt's web stuff, matt's changelog stuff (overlap)
o [Hard] Need to merge non-non-US and non-US DBs.
* Harder:
+ o interrupting of stracing jennifer causes exceptions errors from apt_inst calls
o dependency checking (esp. stable) (partially done)
o override checks sucks; it needs to track changes made by the
maintainer and pass them onto ftpmaster instead of warning the
o Revisit linking of binary->source in install() in katie.
o Fix component handling in overrides (aj)
o Fix lack of entires in source overrides (aj)
- o direport misreports things as section 'devel'
+ o direport misreports things as section 'devel' (? we don't use direport)
o vrfy check of every Maintainer+Changed-By address; valid for 3 months.
o binary-all should be done on a per-source, per-architecture package
basis to avoid, e.g. the perl-modules problem.
o katie/jenna/rhona/whatever needs to clear out .changes
files from p-u when removing stuff superseded by newer versions.
[but for now we have halle]
- o test sig checking stuff in test/ (stupid thing is not modularized)
+ o test sig checking stuff in test/ (stupid thing is not modularized due to global abuse)
o when encountering suspicous things (e.g. file tainting) do something more drastic
* Easy:
+ o suite mapping and component mapping are parsed per changes file,
+ they should probably be stored in a dictionary created at startup.
o don't stat/md5sum files you have entries for in the DB, moron
boy (Katie.check_source_blah_blah)
o promote changes["changes"] to mandatory in katie.py(dump_vars)
o melanie should behave better with -a and without -b; see
gcc-defaults removal for an example.
o Reject on misconfigured kernel-package uploads
- o denise abuses sys.stdout == badly
o utils.extract_component_from_section: main/utils -> main/utils, main rather than utils, main
o Fix jennier to warn if run when not in incoming or p-u
o katie should validate multi-suite uploads; only possible valid one
* Bizzare/uncertain:
+ o drop rather dubious currval stuff (?)
o rationalize os.path.join() usage
o Rene also doesn't seem to warn about missing binary packages (??)
o logging: hostname + pid ?
o Handle the case of 1:1.1 which would overwrite 1.1 (?)
o maybe drop -r/--regex in madison, make it the default and
implement -e/--exact (a la joey's "elmo")
+ o dsc files are not checked for existence/perms (only an issue if
+ they're in the .dsc, but not the .changes.. possible?)
* Cleanups & misc:
o db_access' get_files needs to use exceptions not this None, > 0, < 0 return val BS (?)
o The untouchable flag doesn't stop new packages being added to ``untouchable'' suites
- * Stable:
-
-<neuro> well, there's one other thing that doesn't work so well
-<neuro> you probably should have stable_install ignore Closes:
-<neuro> or it might be unique to the case of stable unstable uploads
-
================================================================================
Packaging