Control: tags -1 moreinfo

Hi Chris,

On 25-07-2019 18:51, Chris Lamb wrote:
>> PS: I failed to spot bugs against (some of) those packages communicating
>> the removal, I think that would be nice for those maintainers.
>
> This might have been justifiably and fairly missed as it was discussed
> quite some time, possibly years, ago. Not your fault, possibly ours…
> However, as Brian mentions we do really have no option but to use the
> 2.x branch of Django these days and, unfortunately, this means that
> Python 2.x support is accordingly dropped.

It's OK to move on and it's very OK to do that at the beginning of a
release cycle. However I expect you to coordinate this with your reverse
dependencies and *I* didn't see that so far (but of course it's easy for
me to miss stuff).

> The packages you list may thus need to be updated or removed. (I'm
> afraid I haven't looked into the specifics...)

Sure. Contacting the maintainers, and they can help as well, I guess.

>> Your package is trying to fix a CVE
>
> Can you elaborate? I'm a little distracted by DebConf stuff but I
> can't seem to grok what you mean here specifically.

https://qa.debian.org/excuses.php?package=python-django says this upload
will fix bug #931316 in testing. That bug is about CVE-2019-12781.
Testing has not seen the fix yet, and due to the dropping of Python 2,
it will take time before it does, as python-django can not migrate
before reverse dependencies are fixed or removed. The latter isn't very
nice for your reverse dependencies if you didn't give them proper
heads-up. The former isn't nice for the python-django users of testing.

Paul