Hi,

On 03-11-2022 18:03, Andreas Tille wrote:
> it's all about the fact that rdflib is broken and removed from testing.
> We are nagging upstream constantly[1] with no success so far.  This
> issue creates noise about testing removals in about 100 packages and
> is extremely annoying.

On 03-11-2022 17:58, Jonas Smedegaard wrote:
> no comment at bug#1012482 which includes a
> suggestion (which I agree with) to lower the severity of that bug to
> simply not be release-critical: Yes, naïve implementations of the RDF
> protocol can be tricked into pulling data from the filesystem, because
> URIs are not necessarily all http-based and failing to care for that
> may lead to surprises - which would be neat if generic RDF processing
> tools were to ensure protection against but in my opinion unreasonable
> to *require*: As I understand it, the equivalent would be to kick out
> libcurl from Debian because it doesn't offer the heavy and complex
> sandboxing mechanisms implemented in (only the biggest) web browsers.

I haven't spent time yet to make up *my* mind about the severity of the problem, but if people have serious doubts about the severity, the Release Team is the appropriate body in Debian to make that call. So if you believe the bug severity is too high, by all means bring it to the RT.

On 03-11-2022 18:03, Andreas Tille wrote:
> I assume if you want to file bugs about missing python3-rdflib manually
> it's quite a waste of time for you since the problem is known and more
> bug reports will not make things more visible.

Well, there were only 4 packages due to python3-rdflib; the total amount of packages flagged by dose (in testing) [1] is rather limited and I also have automated it by now. *Build* dependencies are unfortunately not automatically ensured in testing, so it needs a tiny bit of baby-sitting. That's why I filed these bugs today.

Paul

[1] https://qa.debian.org/dose/debcheck/src_testing_main/latest/amd64.html
