[opensuse-factory] Re: A collection of new c libraries in factory

On Thu, 25 Apr 2013 13:41, Greg Freemyer wrote:

Sascha Peilicke wrote:

...

On 04/24/2013 11:48 PM, Greg Freemyer wrote: <snip>

...

FYI: The driving force behind me packaging most of these is that

plaso

...

is using them. Plaso is a new python application that parses filesystems and creates a single integrated timeline of all the activity found on the computer. It pulls events out of all of the above so the timeline can be comprehensive. (I don't think it uses libpff yet.)

I just saw that submit request, why did you call it python-plaso? If it's just an application that happens to be written in Python, you don't need (or want) the python- prefix. If it is a Python library that is potentially usable by others, you may want to submit it to devel:languages:python and develop it there.

Hmm..

Maybe I should move it. A little background.

Log2timeline was written a couple years ago in perl. It was a highly praised application in computer forensics / incident response. I packaged it in security where it still lives.

One complaint was it was too slow, so a small team rewrote it from scratch including rewriting most of the perl modules it used as the libyal collection that was the original subject of this email. Plaso itself is an engine that can be used with cli or gui front ends. A couple cli front ends are in the package. At least one addon package (4n6time) provides a gui interface.

I hesitate to call it a library because it provides so much functionality including defining/maintaining a database with all the timeline data in it.

So the architecture is:

CLI Front-ends (log2timeline.py, psort.py) GUI Front-ends (4n6time is the only one I know) The plaso engine The libyal c library collection

I pushed plaso to security because that is where log2timeline is, but I didn't give it any thought.

With the above background, do you think I should move it to d:l:python? If I leave it in security, should I change the name to plaso?

We have other similar projects, with more than one way of handling the packaging. One way would be to keep it as pyton-plaso and make a remark in the Description about the engine(plaso) and the included cli-tools, a hint about the extra gui would be nice. Or, if separate packages are absolutely wanted, pyton-plaso (engine) and plaso-tools (the cli). Third possibility would be to name it just "plaso" and give a hint about extra gui (4n6time) in Description and as "Suggestion" Personally I'm fine with keeping it as it is. This is an expert tool, not for the generic (dumbest possible) user. - Yamaban. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org