I'm hit by this, too.
Is there any chance we could cherry-pick the upstream fix [1] to Debian?
[1]: https://github.com/pypa/pip/pull/2122
___
Python-modules-team mailing list
Python-modules-team@lists.alioth.debian.org
IMO we should patch pip to *not* touch (install, upgrade, uninstall,
etc.) anything in /usr directory (or /) except /usr/local. Our Python
interpreter already installs to /usr/local and so should pip.
This way:
* pip doesn't need to figure out which file can be touched,
* we can detect cause of
Hello
I found a sponsor for package django-session-security.
http://django-session-security.readthedocs.org/
I plan to add it to the packages maintained by this team, with myself as
uploader. Any objection anyone?
--
Nirgal
signature.asc
Description: OpenPGP digital signature
On Dec 02, 2014, at 10:38 PM, Scott Kitterman wrote:
Speaking only for myself, I think that sounds reasonable.
It's well established I believe in Debian Python usage that if a user
installs packages in /usr/local and break their system, they are on their
own, so I'm not particularly worried
On Dec 03, 2014, at 03:20 PM, Piotr Ożarowski wrote:
IMO we should patch pip to *not* touch (install, upgrade, uninstall,
etc.) anything in /usr directory (or /) except /usr/local. Our Python
interpreter already installs to /usr/local and so should pip.
+1
This way:
* pip doesn't need to
Package: python-mpld3
Version: 0.3git+20140910dfsg-2
This example from https://mpld3.github.io/quickstart.html does
not work:
$ python
...
import matplotlib.pyplot as plt, mpld3
plt.plot([3,1,4,1,5], 'ks-', mec='w', mew=5, ms=20)
[matplotlib.lines.Line2D object at 0x7f62a2358fd0]
mpld3.show()
Source: python-mplexporter
Version: 0.0.1+20140921-1
mplexporter does not make sense without matplotlib.
___
Python-modules-team mailing list
Python-modules-team@lists.alioth.debian.org
Visualizar corretamente este e-mail.
___
Python-modules-team mailing list
Python-modules-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
Processing commands for cont...@bugs.debian.org:
severity 725847 important
Bug #725847 [python-pip] python-pip: CVE-2014-8991: DoS by other users on the
same system
Severity set to 'important' from 'normal'
thanks
Stopping processing here.
Please contact me if you need assistance.
--
725847:
Processing commands for cont...@bugs.debian.org:
tag 725847 + pending
Bug #725847 [python-pip] python-pip: CVE-2014-8991: DoS by other users on the
same system
Added tag(s) pending.
tag 769930 + pending
Bug #769930 [python-pip] python-pip: Fails to install youtube-dl: multiple
.dist-info
Click here for the web version of this message
11 matches
Mail list logo