Re: rdflib / CVE-2019-7653
> Oh, wait, I see. html5lib and SPARQLWrapper are only added in
> install_requires in setup.py for Python2. For Python3 they are not
> To fix this I could:
> * Patch upstream not to require these libraries for Python2 (assuming
> that works...)
As in, patch the setup.py? That would curiously appear to be the most
conservative or otherwise least-surprising from the end-users (binary
package) centric point of view.
> Latest patch attached.
Hm, does this not still omit the rationale for the non-trivial changes
to the build system? Or at least it doesn't make the connection very
obvious to someone installing the package. I think that was mostly why
I got sucked into this review in the first place. :)
Chris Lamb
email@example.com 🍥 chris-lamb.co.uk