Your message dated Wed, 24 May 2017 23:57:46 -0400
with message-id <1530639.3EspIQlAHj@kitterma-e6430>
and subject line Re: [Python-modules-team] Bug#863267: python-django: Upgrades
from jessie to stretch
has caused the Debian Bug report #863267,
regarding python-django: Upgrades from jessie to
Jan Ingvoldstad writes:
> As a Debian user, I have learned not to use backports for anything
> important because, let's face it, I'm *toast* if I do so.
> I have griped about the backports security policy years ago, and others
> have, too, but you and Alexander shoot any
On Wed, 24 May 2017, Uwe Kleine-König wrote:
> With my model that would be:
>
> - sid/testing has both, latest version and latest LTS (including
>security)
> - jessie-backports strictly follows django-lts and so shouldn't be
>much of a headache.
- $stable has both
- $oldstable has
Hello Raphael,
On 05/24/2017 09:15 PM, Raphael Hertzog wrote:
> On Wed, 24 May 2017, Uwe Kleine-König wrote:
>> An alternative idea would be to have two separate (source) packages in
>> sid: django and django-lts. Then django-lts could be put into backports
>> and so maintained according to the
Hello,
On Wed, 24 May 2017, Uwe Kleine-König wrote:
> An alternative idea would be to have two separate (source) packages in
> sid: django and django-lts. Then django-lts could be put into backports
> and so maintained according to the backport policy.
I don't really like the idea of a separate
On Wed, 24 May 2017, Rhonda D'Vine wrote:
> > Then we have similar issues as the ones raised by Raphael, where the life
> > of the package maintainer is made difficult.
>
> He actively chose to ignore the guidelines, and actively chose to not
> communicate about that. That's very disappointing,
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 24 May 2017 17:14:31 +0200
Source: python-slugify
Binary: python-slugify python3-slugify slugify
Architecture: source all
Version: 1.2.4-1
Distribution: experimental
Urgency: low
Maintainer: Debian Python Modules
Source: python-django
Version: 1:1.10.7-1
Severity: serious
Control: block 847277 by -1
Control: block 863259 by -1
This bug is based on #847277, #863259, and the related
discussion on the debian-backports list.
If upgrading from 1.7 in jessie to 1.10 in stretch is not
fully supported unless
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 24 May 2017 16:37:16 +0300
Source: python-mccabe
Binary: python-mccabe python3-mccabe
Architecture: source all
Version: 0.5.3-1~bpo8+1
Distribution: jessie-backports
Urgency: medium
Maintainer: Debian Python
python-mccabe_0.5.3-1~bpo8+1_amd64.changes uploaded successfully to localhost
along with the files:
python-mccabe_0.5.3-1~bpo8+1.dsc
python-mccabe_0.5.3-1~bpo8+1.debian.tar.xz
python-mccabe_0.5.3-1~bpo8+1_all.deb
python3-mccabe_0.5.3-1~bpo8+1_all.deb
Greetings,
Your Debian queue
The .changes was signed using a weak algorithm (such as SHA-1)
===
Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.
___
Python-modules-team
python-mccabe_0.5.3-1~bpo8+1_amd64.changes uploaded successfully to localhost
along with the files:
python-mccabe_0.5.3-1~bpo8+1.dsc
python-mccabe_0.5.3-1~bpo8+1.debian.tar.xz
python-mccabe_0.5.3-1~bpo8+1_all.deb
python3-mccabe_0.5.3-1~bpo8+1_all.deb
Greetings,
Your Debian queue
On Wed, 24 May 2017, Alexander Wirt wrote:
> The policy is pretty clear. Backporting 1.10 and backport the other packages
> too.
>
> It is maybe a problem and maybe we should get the policy changed - I
> personally don't think too. I don't wan't software that isn't in testing in
> backports - but
On Wed, May 24, 2017 at 1:12 PM, Rhonda D'Vine wrote:
> * Jan Ingvoldstad [2017-05-24 12:02:18 CEST]:
> > On Wed, May 24, 2017 at 11:54 AM, Rhonda D'Vine wrote:
> > > * Jan Ingvoldstad [2017-05-24 11:37:49 CEST]:
> > > >
On Wed, 2017-05-24 at 12:53 +0200, Raphael Hertzog wrote:
> On Wed, 24 May 2017, Holger Levsen wrote:
> > On Wed, May 24, 2017 at 12:32:13PM +0200, Raphael Hertzog wrote:
> > > Right now, I'm maintaining 1.8.x in jessie-backports, we have
> > > 1.10.x in
> > > stretch. If I disappear and nobody
On Wed, May 24, 2017 at 1:34 PM, Adrian Bunk wrote:
> On Wed, May 24, 2017 at 01:00:41PM +0200, Raphael Hertzog wrote:
> > On Wed, 24 May 2017, Adrian Bunk wrote:
> >...
> > > Imagine someone else would have done the python-django backport,
> > > and would upload 1.10 to
On Wed, May 24, 2017 at 01:00:41PM +0200, Raphael Hertzog wrote:
> On Wed, 24 May 2017, Adrian Bunk wrote:
>...
> > Imagine someone else would have done the python-django backport,
> > and would upload 1.10 to jessie-backports today.
> > What would you as user do?
>
> You are again diverting the
* Raphael Hertzog [2017-05-24 13:00:41 CEST]:
> On Wed, 24 May 2017, Adrian Bunk wrote:
> > If the person who did two years ago the jessie backport of a package
> > used by DSA retired from Debian a year ago or is one of the many MIA
> > developers, how are the machines
On Wed, 24 May 2017, Ian Campbell wrote:
> Yet 1.10.x is going to be in Stretch, according to [0]? If users want
> LTS then why aren't we shipping that in our upcoming stable release
> (whether its instead of or in addition to the latest release)?
Because of miscommunication between the Django
* Jan Ingvoldstad [2017-05-24 12:02:18 CEST]:
> On Wed, May 24, 2017 at 11:54 AM, Rhonda D'Vine wrote:
> > * Jan Ingvoldstad [2017-05-24 11:37:49 CEST]:
> > > Basically: if you need security updates, don't rely on backports, don't
> > put
>
On Wed, 24 May 2017, Adrian Bunk wrote:
> > This is because backports maintainers are expected to keep the packages
> > they upload there as secure.
>
> "are expected" != "are actually doing"
>
> > If the rules are not allowing us to do that, then the rules are bad.
>
> The biggest general
On Wed, 24 May 2017, Holger Levsen wrote:
> On Wed, May 24, 2017 at 12:32:13PM +0200, Raphael Hertzog wrote:
> > Right now, I'm maintaining 1.8.x in jessie-backports, we have 1.10.x in
> > stretch. If I disappear and nobody else is willing to maintain 1.8.x, you
> > can just backport 1.10.x from
On Wed, May 24, 2017 at 11:55:45AM +0200, Raphael Hertzog wrote:
> On Wed, 24 May 2017, Jan Ingvoldstad wrote:
> > Basically: if you need security updates, don't rely on backports, don't put
> > things in backports. The backport policy is incompatible with keeping
> > systems up-to-date and
On Wed, May 24, 2017 at 12:32:13PM +0200, Raphael Hertzog wrote:
> Right now, I'm maintaining 1.8.x in jessie-backports, we have 1.10.x in
> stretch. If I disappear and nobody else is willing to maintain 1.8.x, you
> can just backport 1.10.x from stretch into jessie-backports and you will
> be
Dear Raphael,
what I miss in your reactions here is an apology for not discussing this with
the backports admins before uploading those backports. (And the point is *not*
to apologize but rather to acknowledge that this was the wrong cause of
action.)
Of course rules might have flaws and should
On Wed, 24 May 2017, Adrian Bunk wrote:
> This part of the policy continues with:
>
> If your package had a security update you can upload a new backport
> even if its not yet in testing. If you have good reasons to update a
> package which is already is in backports with a newer version
Hi,
I'm ignoring the personal attack and threats of ACL removal because that
does not bring the discussion further, but I want to highlight that you
could have avoided this, I have not said anything bad about your work, I'm
just discussing the policy.
On Wed, 24 May 2017, Rhonda D'Vine wrote:
>
On Wed, May 24, 2017 at 11:40:54AM +0200, Raphael Hertzog wrote:
> On Wed, 24 May 2017, Adrian Bunk wrote:
> > The maintainer of the python-django backport not acting according to
> > policy is what started this discussion.
>
> Let's speak of the policy. It says this:
> > To guarantee an upgrade
* Jan Ingvoldstad [2017-05-24 11:37:49 CEST]:
> Basically: if you need security updates, don't rely on backports, don't put
> things in backports. The backport policy is incompatible with keeping
> systems up-to-date and secure.
That's a highly unfair statement. The
Hi,
* Raphael Hertzog [2017-05-24 10:25:19 CEST]:
> On Wed, 24 May 2017, Alexander Wirt wrote:
> > It is maybe a problem and maybe we should get the policy changed - I
> > personally don't think too. I don't wan't software that isn't in testing in
> > backports - but
On Wed, 24 May 2017, Adrian Bunk wrote:
> The maintainer of the python-django backport not acting according to
> policy is what started this discussion.
Let's speak of the policy. It says this:
> To guarantee an upgrade path from stable+backports to the next stable, the
> package should be in
On Wed, May 24, 2017 at 11:17 AM, Adrian Bunk wrote:
> On Wed, May 24, 2017 at 11:01:41AM +0200, Raphael Hertzog wrote:
> > On Wed, 24 May 2017, Adrian Bunk wrote:
> > > What is the minimum amount of technical checking that has to be in
> place
> > > before something like this
On Wed, May 24, 2017 at 11:01:41AM +0200, Raphael Hertzog wrote:
> On Wed, 24 May 2017, Adrian Bunk wrote:
> > What is the minimum amount of technical checking that has to be in place
> > before something like this could be done?
>
> For the backports team, none. For the maintainer, he must know
On Wed, 24 May 2017, Adrian Bunk wrote:
> What is the minimum amount of technical checking that has to be in place
> before something like this could be done?
For the backports team, none. For the maintainer, he must know this policy
and act accordingly.
If someone reports that it does not
On Wed, May 24, 2017 at 10:25:19AM +0200, Raphael Hertzog wrote:
> On Wed, 24 May 2017, Alexander Wirt wrote:
> > It is maybe a problem and maybe we should get the policy changed - I
> > personally don't think too. I don't wan't software that isn't in testing in
> > backports - but doing it
On Tue, May 23, 2017 at 11:33:26PM -0400, Justin Cappos wrote:
> So I had a look and think there may be an easier way to handle this. What
> if the ' at ' was removed from the memory regex in
> https://github.com/sphinx-doc/sphinx/blob/1.5.5/sphinx/util/inspect.py#L23
That would introduce many
On Wed, 24 May 2017, Raphael Hertzog wrote:
> On Wed, 24 May 2017, Alexander Wirt wrote:
> > It is maybe a problem and maybe we should get the policy changed - I
> > personally don't think too. I don't wan't software that isn't in testing in
> > backports - but doing it behinds our back is not an
On Wed, 24 May 2017, Alexander Wirt wrote:
> It is maybe a problem and maybe we should get the policy changed - I
> personally don't think too. I don't wan't software that isn't in testing in
> backports - but doing it behinds our back is not an option.
How do we fix the policy then?
38 matches
Mail list logo