#985728 ITP: howdy -- Infrared Facial Authentication Module for Linux

#985728#5
Date:
2021-03-22 18:57:16 UTC
From:
To:
* Package name    : howdy
  Version         : 3.0.0
  Upstream Author : Lem Severein <hey@boltgolt.nl>
* URL             : https://boltgolt.nl/howdy
* License         : MIT
  Programming Lang: Python, C++
  Description     : Infrared Facial Authentication Module for Linux

Howdy provides Windows Hello style authentication for Linux. Use
your built-in infrared emitters and camera in combination with
facial recognition to prove who you are.

Based on visitor and download statistics, Howdy is already used on
tens of thousands of systems. Currently distributed with a PPA or
deb file directly. Version 3.0.0 will introduce large changes and
make Howdy a lot more mature. I think it's time to try and
package it within the main Debian archive.

I am the main developer and maintainer of this package, and I
intend to continue to support Howdy. I'm not sure in what team
this package would fit, but a sponsor would be nice.

#985728#10
Date:
2021-03-23 11:18:34 UTC
From:
To:
Lem Severein <hey@boltgolt.nl> writes:

Maybe this is already covered under the discussion of the more mature
version 3 coming up, but: the shenanigans going on in the postinst
script (like downloading stuff from the internet) seem to me quite
worrisome.

 Best,
 Gard

#985728#15
Date:
2021-03-23 11:51:04 UTC
From:
To:
Lem Severein <hey@boltgolt.nl> writes:

I think people would be quite upset with a d/postinst script that not
only builds third-party software (already a problem), but also reaches
out to the internet to fetch said software (without even getting into
the fact that the authenticity of the downloaded software is not
verified, which is a separate problem independent of Debian).

Additionally, the current maintainer scripts don't look very idempotent
(Policy § 6.2 [1]).

This sounds like a violation of Policy § 4.13 [2].

If the local dlib compilation is indeed a requirement for this package,
I would hazard a guess that it is not distributable in Debian.


[1] https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#maintainer-scripts-idempotency

[2] https://www.debian.org/doc/debian-policy/ch-source.html#embedded-code-copies


  Best,
  Gard
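
Added example (not part of the thread and not Howdy's packaging code): a heuristic Python check for the concerns raised in the message above. It flags maintainer-script lines that fetch from the network or compile code at install time, and notes when nothing in the script verifies what was fetched. The command lists, function names and sample script are assumptions constructed for illustration.

```python
import re
import shlex

# Assumed, non-exhaustive command lists; a set names the subcommands that fetch.
FETCHERS = {"wget": None, "curl": None, "git": {"clone", "fetch", "pull"},
            "pip": {"install", "download"}}
BUILDERS = {"make", "cmake", "gcc", "g++", "cc"}        # local compilation
VERIFIERS = {"sha256sum", "sha512sum", "gpgv", "gpg"}   # integrity checks

def _command(words):
    """Normalise one simple command to (name, args)."""
    if not words:
        return None, []
    name, args = words[0].rsplit("/", 1)[-1], words[1:]
    if re.fullmatch(r"python[\d.]*", name) and args[:2] == ["-m", "pip"]:
        name, args = "pip", args[2:]
    if re.fullmatch(r"pip[\d.]*", name):
        name = "pip"
    return name, args

def audit_maintainer_script(text):
    """Return sorted (line_no, finding) pairs; line_no 0 is a whole-script finding."""
    findings, fetched, verified = [], False, False
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):                 # comment or shebang
            continue
        for segment in re.split(r"&&|\|\||[;|]", raw):   # crude command split
            try:
                words = shlex.split(segment, comments=True)
            except ValueError:                           # unbalanced quotes
                words = segment.split()
            name, args = _command(words)
            if name in FETCHERS and (FETCHERS[name] is None or FETCHERS[name] & set(args)):
                findings.append((no, "network-fetch"))
                fetched = True
                verified |= name == "pip" and "--require-hashes" in args
            elif name in BUILDERS:
                findings.append((no, "local-build"))
            elif name in VERIFIERS:
                verified = True
    if fetched and not verified:
        findings.append((0, "fetched content is never verified"))
    return sorted(findings)
# Constructed sample script, not Howdy's actual postinst.
SAMPLE = """#!/bin/sh
wget -q https://example.invalid/model.dat -O /tmp/model.dat
python3 -m pip install dlib
cd /tmp/build && cmake . && make install
"""
```

The command split is heuristic (no heredocs or command substitution), so a clean result is a prompt for manual review of the script, not proof that it is safe.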

#985728#20
Date:
2021-03-23 13:10:30 UTC
From:
To:
Hey Gard,

Thanks for the helpful links, I fully understand your concern.

I can do away with the numpy and opencv installs through the (much more
outdated) python-numpy and python-opencv Debian packages respectively.
However, dlib does not seem to have such a package yet and having to
maintain that would be out of scope for me. I'm only a dlib user, not a
contributor, and I don't think it would be my place to package it.

The absolute minimum install would only install pre-packaged dlib through
pip or compile it from source.

However, dlib is available through pip and running that command would be
idempotent. If apt install is aborted then pip will simply retry installing
dlib the next time apt installation is attempted. If the pip dlib install
goes through and postinst is called again pip will simply state that dlib
is already installed.

(I wrongly hit "Reply" instead of "Reply All" in my last email, thanks for
letting me know)

With kind regards,
Lem Severein

#985728#25
Date:
2021-03-23 13:22:06 UTC
From:
To:
Lem Severein <hey@boltgolt.nl> writes:

https://tracker.debian.org/pkg/dlib ? Or is this a different dlib?

OK, but your package cannot rely on stuff installed through pip!

No problem. And I hope I'm not coming across as too negative; I just
wanna make sure you're not wasting a lot of effort on packaging
something that ends up being undistributable in Debian :-)

#985728#30
Date:
2021-03-23 14:41:03 UTC
From:
To:
Hey Gard,

Weirdly I can't see that package locally at all. Probably because I'm on
such an old distro.

I'm not 100% sure if that dlib package ships with the Python bindings or if
it's just the C++ version. I'll look into that. If it does have Python
bindings then that solves the problem in its entirety.

You're not too negative at all! I'm entirely new to this part of the
packaging process so your feedback has been invaluable to me, so thanks a
lot!

With kind regards,
Lem Severein