Packages that contain binary artifacts should be Architecture: any, not all

[legoktm]

Description

Some of our Debian Python projects ship binary objects:

$ dpkg -c build/securedrop-client_0.9.0+bullseye_all.deb | grep \\.so
-rw-r--r-- root/root     46920 2023-03-16 16:29 ./opt/venvs/securedrop-client/lib/python3.9/site-packages/markupsafe/_speedups.cpython-39-x86_64-linux-gnu.so
-rw-r--r-- root/root     49808 2023-03-16 16:29 ./opt/venvs/securedrop-client/lib/python3.9/site-packages/sqlalchemy/cprocessors.cpython-39-x86_64-linux-gnu.so
-rw-r--r-- root/root     66904 2023-03-16 16:29 ./opt/venvs/securedrop-client/lib/python3.9/site-packages/sqlalchemy/cresultproxy.cpython-39-x86_64-linux-gnu.so
-rw-r--r-- root/root     30872 2023-03-16 16:29 ./opt/venvs/securedrop-client/lib/python3.9/site-packages/sqlalchemy/cutils.cpython-39-x86_64-linux-gnu.so

In the case of proxy, there's also a needed dependency on libyaml

$ dpkg -c build/securedrop-proxy_0.9.0+bullseye_all.deb | grep \\.so
-rw-r--r-- root/root   1666960 2023-03-16 16:29 ./opt/venvs/securedrop-proxy/lib/python3.9/site-packages/yaml/_yaml.cpython-39-x86_64-linux-gnu.so

Also

that gets hardcoded into d/control:

Package: securedrop-proxy
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends}, libyaml-0-2
Description: This is securedrop Qubes proxy service
 This package provides the network proxy on Qubes to talk to the SecureDrop server.

Instead if this was an Architecture: any package, debhelper would automatically analyze the dynamically linked dependencies via dh_makeshlibs. It also would automatically strip debugging information and a few other things.