Hi Bastian, I did check the correct package dependencies.
I believe that if you had researched I sent the aio-pika package on 03/08/2022 (https://tracker.debian.org/news/1351353/accepted-python-aio-pika-803-1-source-all- into-unstable-unstable/) and the kiwipy package upstream entered the package's dependency version information in the develop branch on 5/8/2022 (https://github.com/aiidateam/kiwipy/commit/7750921d7f69f55005a9f69a854f5e0d1a16feb0). Best, Guilherme Em qui., 6 de out. de 2022 às 19:04, Eriberto <eribe...@eriberto.pro.br> escreveu: > > Em qui., 6 de out. de 2022 às 18:45, Bastian Germann <b...@debian.org> > escreveu: > > > > Am 06.10.22 um 20:19 schrieb Eriberto Mota: > > > Am 05.10.22 um 14:59 schrieb Guilherme Xavier: > > >>> Hi, > > >>> > > >>> Agree, downgrading would be an option. > > >>> I don't know how this can be done, but I'm open to doing it. > > >> > > >> You import the older version as 8.1.1+really6.8.1-1 > > > > > > > > > Nope. Downgrading is a workaround for new upstream versions full broken, > > > but already sent to Debian. Is dangerous and undesirable to reintroduce > > > an old version of a software to make it "a good dependency". This action > > > may generate critical bugs or introduce security holes. The right way is > > > ask to the upstream to update the software to use the current version of > > > a dependency. In other words, "+really" must be used in very extreme > > > cases only, not for adjustments. > > > > In general, I agree with you. But as far as I can see, Guilherme introduced > > python-aio-pika for the sake of packaging kiwipy and probably has not > > checked > > compatiblity before packaging that. It is not in use by any other package. > > So for me this would be okay. It is in the archive for two months now and > > popcon is at 1. I do not think that upstream will have the issue fixed soon > > and it would be a pity if Guilherme's packaging work (there are some more > > deps > > introduced for kiwipy) would not be fruitful for him in the sense of having > > it > > available in bookworm. > > Ok, this is commendable. However, keeping Debian (as OS) secure is > more important than any effort to package anything. -- Guilherme de Paula Xavier Segundo GPG: 4096R/976B8AC9 GPG Fingerprint: 1808D92674863C2E07B7B08C1B140644976B8AC9