Your message dated Thu, 17 May 2018 23:05:41 +0000
with message-id <e1fjrxt-0009e0...@fasolo.debian.org>
and subject line Bug#893699: fixed in django-axes 4.3.1-1
has caused the Debian Bug report #893699,
regarding python3-django-axes: Possibility to bypass IP limitations
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
893699: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893699
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python3-django-axes
Version: 4.1.0-1
Severity: important
Tags: upstream
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Dear Maintainer,
The django-axes upstream package has a serious issue: IP limits can be completely
bypassed due to the way the IP address is retrieved from incoming HTTP headers.
https://github.com/jazzband/django-axes/issues/286
I am worried about the way the upstream project is managed. They reject requests
such as a GPG signing request very casually. They seriously broke the application
twice in just a few months. The first time that happened, plinth completely
broke. Patches like the one that introduced the problem seem to have been done
without much thought. They don't seem to want to acknowledge problems like
the one that broke the API in a patch release.
Because of this, I am less inclined to submit an upstream patch. Plinth, which
is the only package depending on this, has a workaround ready:
https://salsa.debian.org/freedombox-team/plinth/merge_requests/1245
If this continues, it is probably better to focus our efforts on creating an
upstream fork.
Thanks,
- --
Sunil
- -- System Information:
Debian Release: 9.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN.UTF-8, LC_CTYPE=en_IN.UTF-8 (charmap=UTF-8),
LANGUAGE=en_IN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
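Added example, not part of the original report and not django-axes code: the bug class the report names, a failed-login limit keyed on an address read from request headers, shown beside a resolver that believes the header only when the connection comes from a known proxy. The X-Forwarded-For header, the 10.0.0.0/8 proxy range, the limit of 3 and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

FAILURE_LIMIT = 3                                        # assumed lockout threshold
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]   # assumed: our own reverse proxies


def _trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def naive_client_ip(meta):
    """Weak: believes whatever the request headers say."""
    forwarded = meta.get("HTTP_X_FORWARDED_FOR", "")
    return forwarded.split(",")[0].strip() or meta["REMOTE_ADDR"]


def hardened_client_ip(meta):
    """Use the header only when the TCP peer is one of our proxies, and
    take the right-most hop that is not itself a trusted proxy."""
    peer = meta["REMOTE_ADDR"]
    if not _trusted(peer):
        return peer
    hops = [h.strip() for h in meta.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not _trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break            # malformed hop: stop trusting the header
    return peer


def locked_out_keys(requests, resolver):
    """Count failed logins per resolved address; return keys at the limit."""
    failures = Counter(resolver(meta) for meta in requests)
    return sorted(k for k, n in failures.items() if n >= FAILURE_LIMIT)


# Constructed sample: five failed logins from one peer (documentation address),
# each carrying a different client-chosen X-Forwarded-For value.
DIRECT = [{"REMOTE_ADDR": "203.0.113.7", "HTTP_X_FORWARDED_FOR": f"198.51.100.{i}"}
          for i in range(5)]
# Same traffic arriving through our proxy 10.0.0.2, which appends the real peer.
PROXIED = [{"REMOTE_ADDR": "10.0.0.2",
            "HTTP_X_FORWARDED_FOR": f"198.51.100.{i}, 203.0.113.7"} for i in range(5)]
```

With the naive resolver every request counts against a different key, so the limit is never reached; the hardened resolver attributes all five failures to the connecting peer in both samples.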
--- Begin Message ---
Source: django-axes
Source-Version: 4.3.1-1
We believe that the bug you reported is fixed in the latest version of
django-axes, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 893...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James Valleroy <jvalle...@mailbox.org> (supplier of updated django-axes package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 17 May 2018 06:03:04 -0400
Source: django-axes
Binary: python3-django-axes python3-django-axes-doc
Architecture: source
Version: 4.3.1-1
Distribution: unstable
Urgency: low
Maintainer: FreedomBox packaging team <freedombox-pkg-t...@lists.alioth.debian.org>
Changed-By: James Valleroy <jvalle...@mailbox.org>
Description:
python3-django-axes - Keep track of failed login attempts in Django-powered sites
python3-django-axes-doc - Keep track of failed login attempts in Django - documentation
Closes: 893699
Changes:
django-axes (4.3.1-1) unstable; urgency=low
.
* d/copyright: Use https format uri
* d/control: Update Vcs-* fields to salsa
* d/control: Bump Standards-Version to 4.1.4
* d/rules: Use dh_auto_test with custom args
* d/compat: Switch to debhelper compat level 11
* doc-base: HTML docs moved into main package folder
* New upstream version 4.3.1 (Closes: #893699)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---