Bug#775892: unblock (pre-approval): python-django/1.7.3-1
Hi Mehdi, On Tue, 17 Feb 2015, Mehdi Dogguy wrote: Le 2015-02-04 09:01, Raphael Hertzog a écrit : it's been two weeks that I have opened this pre-approval request and I got almost no feedback from the release team (except Neil saying that he has no answer for me on IRC). Neil or Niels? Sorry, I meant Niels. I can understand why the former doesn't have any answer for you on this subject. The latter might not have make his mind yet on this because it is not an easy subject. Sure. If I don't hear back from you in the next two days, I will proceed with what I believe to be best, which is: Do you think such a statement helps you in any way? Well, it was not meant to help me, but to help Debian. If the arguments I have put forth were not enough to convince anyone of the release team in a reasonable timeframe, then I hoped that some real-life testing in unstable would be a supplementary proof that it was the safe thing to do. The non-trivial part is to try to draw a line to know what should be allowed to be updated using new upstream releases, and what doesn't. An effort has been made into this direction (See packages like linux, iceweasel, postgresql, etc...) but I think that there is still room for improvement there. Certainly, that's why I was arguing that we could/should handle python-django like the cases that you mention. And if you don't agree, then I would be interested to know what could bring you the required confidence so that we can gain that status (maybe adding autopkgtests to reverse dependencies and running those tests, or stuff like that). Anyway. Based on my blabla about security stuff, I've decided to unblock this package so that it migrates to Jessie. Note that this doesn't mean that we will accept (let's say) 1.7.5 next time. Thanks! -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775892: unblock (pre-approval): python-django/1.7.3-1
Le 2015-02-18 09:38, Raphael Hertzog a écrit : And if you don't agree, then I would be interested to know what could bring you the required confidence so that we can gain that status (maybe adding autopkgtests to reverse dependencies and running those tests, or stuff like that). The list of packages that we started with are the ones that give more trouble to the security team. Maybe the list should be expanded, I don't know. Most probably. What we would like to have is a general discussion (not now please... but after jessie release) to put some criteria to help to distinguish packages that need a special treatement and others that don't. For now, the criteria has been security team has trouble with X but I don't find this criteria good enough. The autopkgtests might be part of the answer, but not the only one I hope. Regards, -- Mehdi -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775892: [Python-modules-team] Bug#775892: unblock (pre-approval): python-django/1.7.3-1
Le 2015-02-17 23:46, Brian May a écrit : On 18 February 2015 at 07:31, Mehdi Dogguy me...@dogguy.org wrote: Note that this not mean that we will accept (let's say) 1.7.5 next time. I assume you mean that when 1.7.5 comes out, we should make another unblock request? Yes. The idea is to not assume that a new minor release will be accepted at this stage. So, as usual, if you feel an update to the package is needed, please file a bug report and talk to us explaining your plan before taking actions. Regards, -- Mehdi -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775892: unblock (pre-approval): python-django/1.7.3-1
Control: retitle -1 unblock: python-django/1.7.4-1 On Wed, 04 Feb 2015, Raphael Hertzog wrote: File the above bug report with severity serious and upload 1.7.4-1 to sid closing the bug. Now done. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775892: unblock (pre-approval): python-django/1.7.3-1
Hi, it's been two weeks that I have opened this pre-approval request and I got almost no feedback from the release team (except Neil saying that he has no answer for me on IRC). If I don't hear back from you in the next two days, I will proceed with what I believe to be best, which is: On Thu, 29 Jan 2015, Raphael Hertzog wrote: I want to add that my request is now to upload 1.7.4-1 since upstream released a new bugfix version: https://docs.djangoproject.com/en/1.7/releases/1.7.4/ BTW, that version contains a fix for an unreported FTBFS that we have in Debian and that has been introduced by the recent security patches and thus by Neil's NMU: https://code.djangoproject.com/ticket/24193 (Just verified my assertion by running sbuild on version 1.7.1-1.1) File the above bug report with severity serious and upload 1.7.4-1 to sid closing the bug. After all if this request must be waiting longer, we might as well benefit from the time the package languish in sid as a proof that it's working well for us. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775892: unblock (pre-approval): python-django/1.7.3-1
Control: retitle -1 unblock (pre-approval): python-django/1.7.4-1 On Wed, 21 Jan 2015, Raphael Hertzog wrote: I would like to upload python-django 1.7.3-1 to sid and jessie. It's a new upstream version but it contains only bugfixes (a few of which are security related, see #775375). [...] Please let me know your thoughts. I want to add that my request is now to upload 1.7.4-1 since upstream released a new bugfix version: https://docs.djangoproject.com/en/1.7/releases/1.7.4/ BTW, that version contains a fix for an unreported FTBFS that we have in Debian and that has been introduced by the recent security patches and thus by Neil's NMU: https://code.djangoproject.com/ticket/24193 (Just verified my assertion by running sbuild on version 1.7.1-1.1) Please don't let this request languish for ever. /me just suffered the pain of backporting Django security patches to version 1.2 for squeeze-lts. I really want to make it easier for us in the future by following upstream closely on their stable release when there's really few risks in doing so. Thanks. -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775892: unblock (pre-approval): python-django/1.7.3-1
On Fri, Jan 23, 2015 at 02:26:06PM +0100, Raphael Hertzog wrote: On Wed, 21 Jan 2015, Raphael Hertzog wrote: Some notes: - the final upload will include the bug closure of #775375 - there's a small tweak of a Suggests dependency, it was not intended for jessie but I don't see how it can hurt and did not bother to revert it I have uploaded 1.7.3-1~exp1 to experimental which is basically what I'd like to upload to unstable. It contains one more patch compared to the debdiff I sent to fix a build failure with Python 3.4 (https://github.com/django/django/commit/b1bf8d64fbadcab860eb98662c49b8db33db0c3c). Cheers, PS: I know that Neil Williams uploaded an NMU to fix the security issues but I still want to include 1.7.3. It would still be good to unblock the NMU first to get the security fixes into jessie. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775892: unblock (pre-approval): python-django/1.7.3-1
On Wed, 21 Jan 2015, Raphael Hertzog wrote: Some notes: - the final upload will include the bug closure of #775375 - there's a small tweak of a Suggests dependency, it was not intended for jessie but I don't see how it can hurt and did not bother to revert it I have uploaded 1.7.3-1~exp1 to experimental which is basically what I'd like to upload to unstable. It contains one more patch compared to the debdiff I sent to fix a build failure with Python 3.4 (https://github.com/django/django/commit/b1bf8d64fbadcab860eb98662c49b8db33db0c3c). Cheers, PS: I know that Neil Williams uploaded an NMU to fix the security issues but I still want to include 1.7.3. -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775892: unblock (pre-approval): python-django/1.7.3-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock I would like to upload python-django 1.7.3-1 to sid and jessie. It's a new upstream version but it contains only bugfixes (a few of which are security related, see #775375). The diffstat is massive (see below) but it's partly because upstream is very serious about its stable release process, all changes come with tests and documentation. I would like Django to have the same kind of trust that you have into PostgreSQL. You can have a look at https://docs.djangoproject.com/en/1.7/internals/release-process/ and https://docs.djangoproject.com/en/1.7/misc/api-stability/ for instance. There a lot of bugfixes in 1.7.2 that are not in Jessie and that are really important. See https://docs.djangoproject.com/en/1.7/releases/1.7.2/ for details. My comaintainer Brian May was hit by https://code.djangoproject.com/ticket/23581 for example. And like I argued previously, Django is a package with regular security updates. By refusing to integrate new stable upstream versions, it gets harder and harder to apply security updates over time as we diverge from the upstream codebase. Since we want to support Jessie for 5 years, I would like us to follow the stable releases of the 1.7.x branch throughout the jessie lifetime. Please let me know your thoughts. unblock python-django/1.7.3-1 Some notes: - the final upload will include the bug closure of #775375 - there's a small tweak of a Suggests dependency, it was not intended for jessie but I don't see how it can hurt and did not bother to revert it Here's the diffstat of the debdiff. I attach the filtered debdiff without the tests doc change. Django.egg-info/PKG-INFO |4 Django.egg-info/SOURCES.txt| 45 PKG-INFO |4 debian/changelog | 20 debian/control |2 debian/gbp.conf|2 django/__init__.py |2 django/apps/registry.py| 14 django/conf/locale/el/formats.py | 36 django/conf/locale/ko/LC_MESSAGES/django.po| 19 django/conf/locale/uk/formats.py |2 django/contrib/admin/actions.py| 21 django/contrib/admin/checks.py |7 django/contrib/admin/options.py| 23 django/contrib/admin/sites.py |4 django/contrib/admin/static/admin/js/SelectFilter2.js |2 django/contrib/admindocs/views.py | 17 django/contrib/auth/__init__.py| 15 django/contrib/auth/decorators.py |5 django/contrib/auth/hashers.py |4 django/contrib/auth/middleware.py | 20 django/contrib/auth/tests/test_forms.py|2 django/contrib/auth/tests/test_hashers.py |6 django/contrib/auth/tests/test_middleware.py | 53 django/contrib/auth/tests/test_views.py| 26 django/contrib/gis/db/backends/mysql/schema.py |7 django/contrib/gis/db/backends/spatialite/creation.py |3 django/contrib/gis/db/models/fields.py |2 django/contrib/gis/db/models/proxy.py |2 django/contrib/gis/db/models/sql/query.py |2 django/contrib/gis/gdal/srs.py |2 django/contrib/gis/tests/geoapp/tests.py | 19 django/contrib/gis/tests/gis_migrations/test_operations.py | 29 django/contrib/sites/management.py | 10 django/contrib/sites/tests.py | 61 django/contrib/webdesign/tests.py |4 django/core/exceptions.py |5 django/core/files/base.py |7 django/core/management/commands/flush.py | 10 django/core/management/commands/makemessages.py|2 django/core/management/commands/migrate.py |3 django/core/management/commands/runserver.py |4 django/core/management/commands/sqlsequencereset.py|2 django/core/management/commands/squashmigrations.py| 32 django/core/serializers/xml_serializer.py |2 django/core/servers/basehttp.py| 11 django/db/backends/mysql/base.py |3 django/db/backends/mysql/validation.py |4