Hi Piotr,
On Fri, Jun 21, 2019 at 01:15:23PM +0200, Piotr Ożarowski wrote:
> > https://github.com/davidhalter/parso/issues/75
> >
> > I understand that it is not fixed but the authors do not consider the
> > issue serious. Could you please give some comment from an insiders
> > point of view (which I'm not). I'm just caring since several Debian
> > Science dependencies are about to be removed from testing due to this
> > bug.
>
> I don't consider it that serious as well. I'll wait for upstream to
> provide a proper fix. If there will be no such fix in time, I guess I can
> just disable cache if security team insists.
Thanks for mentioning. I consider it important to mention it here in
the bug report to inform maintainers of reverse dependencies. Is there
any active discussion with security team and if yes where can I read
about it?
> > PS: Is there any reason why this package is not on Salsa and not
> > team maintained?
>
> that's because python-jedi is a mutli-tarball source package and parso
> was part of it at the beginning. Last time I checked gbp didn't
> support it (or I don't know how to use it) so it was easier for me to
> keep it outside DPMT. I guess there's no reason not to move parso into
> DPMT now.
I confirm that I personally also have no idea how to deal with
multi-tarball source packages using gbp (except may be when maintaining
only debian/ dir in Git. If that issue does not exist any more it
might be helpful to move parso now.
Thanks for maintaining parso
Andreas.
--
http://fam-tille.de
