Package: python3-django-axes
Version: 4.1.0-1
Severity: important
Tags: upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear Maintainer,

The django-axes upstream package has a serious issue: IP limits can be completely
bypassed due to the way the IP address is retrieved from incoming HTTP headers.
https://github.com/jazzband/django-axes/issues/286

I am worried about the way the upstream project is managed. They reject requests
such as a GPG signing request very casually. They seriously broke the application
twice in just a few months. The first time that happened, plinth completely
broke. Patches like the one that introduced the problem seem to have been done
without much thought. They don't seem to want to acknowledge problems like
the one that broke the API in a patch release.

Because of this, I am less inclined to submit an upstream patch. Plinth, which
is the only package depending on this, has a workaround ready:
https://salsa.debian.org/freedombox-team/plinth/merge_requests/1245

If this continues, it is probably better to focus our efforts on creating an
upstream fork.

Thanks,

- --
Sunil



- -- System Information:
Debian Release: 9.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN.UTF-8, LC_CTYPE=en_IN.UTF-8 (charmap=UTF-8), LANGUAGE=en_IN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
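
The class of problem the report describes, as an added example that is not part of the original report and is not django-axes or Plinth code: a lockout keyed on a header-derived address next to one that only believes hops added by proxies the site operates. The report does not name the header; `X-Forwarded-For`, the `10.0.0.0/8` proxy range, the function names and the sample requests are assumptions made for the illustration.

```python
import ipaddress

# Assumption: the only reverse proxies we operate live in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample: one client (203.0.113.7) behind our proxy 10.0.0.5 fails
# three logins, each time prepending a different made-up address to the header.
SAMPLE_ATTEMPTS = [
    {"REMOTE_ADDR": "10.0.0.5",
     "HTTP_X_FORWARDED_FOR": "198.51.100.%d, 203.0.113.7" % i}
    for i in (1, 2, 3)
]

def naive_client_ip(meta):
    """Spoofable: believes the left-most header entry, whoever sent it."""
    forwarded = meta.get("HTTP_X_FORWARDED_FOR", "")
    return forwarded.split(",")[0].strip() if forwarded else meta.get("REMOTE_ADDR", "")

def _parse_ip(value):
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None

def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def trusted_client_ip(meta):
    """Walk the header right to left and stop at the first hop we do not operate."""
    peer = _parse_ip(meta.get("REMOTE_ADDR", ""))
    if peer is None:
        return None
    if not _is_trusted(peer):
        return str(peer)  # direct connection: the header is client-supplied, ignore it
    client = peer
    for hop in reversed(meta.get("HTTP_X_FORWARDED_FOR", "").split(",")):
        addr = _parse_ip(hop)
        if addr is None:
            break  # missing or malformed entry: keep the last address we could verify
        client = addr
        if not _is_trusted(addr):
            break  # first untrusted hop is the client; entries left of it are unverified
    return str(client)

def distinct_lockout_keys(resolver, attempts=SAMPLE_ATTEMPTS):
    """Number of separate failure counters the attempts would be spread over."""
    return {resolver(meta) for meta in attempts}
```

With the naive resolver the three failures land on three different counters, so no single counter reaches the limit; with the trusted-hop resolver they all count against `203.0.113.7`.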
