Web lists-archives.com

Re: Bug#858229: ITP: passh -- passh: a pass fork - stores, retrieves, generates, and synchronizes passwords securely.




On 03/20/2017 06:18 AM, Adrian Alves wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Adrian Alves <aalves@xxxxxxxxx>
> 
> * Package name    : passh
>   Version         : 1.7.1
>   Upstream Author : Ivan Ariel Barrera Oro <ivan@xxxxxxxxxxxxxxxxx>
> * URL             : https://github.com/HacKanCuBa/passh
> * License         : GPL-3
>   Programming Lang: bash
>   Description     : passh: a pass fork - stores, retrieves, generates, and synchronizes passwords securely.
> 
> Pass is a simple password store. This fork changes a few
> things while trying to maintain most of it intact,
> specially the core idea. I will keep pulling pass commits,
> and also pushing my modifications to them.

It would be great if you could go into a bit more detail why this
fork is needed? "changes a few things" is _very_ unspecific.

I've had a look at the upstream website, and found this:
https://github.com/HacKanCuBa/passh#user-content-changes-from-pass-master
So apparently the only real difference (apart from branding) is
extension handling. This should definitely go in the package
description to allow people to decide which one they'd want to
install.

And while that shouldn't be part of the package description later on,
a short comment in the ITP why a fork was required would also be nice.
Did the original project just not want to merge this? What's the use
case for these changes that can't be supported by the original?

Also, a minor note, unrelated to Debian packaging: the fork claims in
https://github.com/HacKanCuBa/passh#license 
that the original is GPL-2 and that the fork is GPL-3+. If that were
actually true, the fork would be a license violation. Luckily for the
fork from reading the COPYING file of the original, that is is actually
licensed under GPL-2+ (not just GPL-2), so forking as GPL-3+ is fine.
(That said, while I generally like the GPL-3, forking a GPL-2+ project
under GPL-3+ does not allow the original project to easily merge back
changes made in the fork, they'd first have to get explicit
permission.)

Regards,
Christian