On Mon, May 06, 2019 at 10:20:25AM +0200, Thomas Goirand wrote: > On 5/6/19 5:09 AM, Ross Vandegrift wrote: > > Source: sqlalchemy > > Version: 1.2.18+ds1 > > Followup-For: Bug #922669 > > > > I've confirmed that 1.2.18+ds1 is affected despite the description at [1]. > > Upstream has a patch for the 1.2 series at [2]. > > > > A debdiff including the patch is attached. It builds and the tests pass. > > However, the fix requires removing previously supported behavior. Consumers > > that depend on this have been found [3], so I'm not sure if this should be > > shipped in buster. > > Hi, > > I'm sorry, but where exactly do you see a list of affected consumers?
I didn't find a list, I just wanted to note that upstream observed at least one example (the bug report I linked as #3) of a user that was broken by the required API change. I don't know how concerned Debian should be about possible breakage. I don't use sqlalchemy much anymore, and never used the affected APIs. Ross
