Re: Maintenance of python-cryptography
Hi Scott,
Am Wed, Mar 13, 2024 at 11:39:50PM -0400 schrieb Scott Kitterman:
> On Wednesday, March 13, 2024 1:34:14 PM EDT Scott Kitterman wrote:
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064979
> >
> > Would some of you who are pushing so hard to change the policy for
> > Uploaders/ Maintainer in the team please step up and take over this
> > package. It really needs updated to the new upstream release (blocking
> > both aioquic and dnspythong for me, I don't know about others).
Reading the bug log of your request to upgrade this package has a hint
from Tue, 13 Feb 2024 [1] that some rust dependencies need updates
(thanks for the work on this Jérémy! BTW, I merged you 41.0.7-5 changes
into master branch and closed bug #1046569 manualy)
The discussion about Policy change started two weeks later[2]. I might
miss the point in the connection you are drawing here.
> > I haven't done a comprehensive check, but I think morph asked for all the
> > leaf packages he was maintaining in the team to be removed from the archive
> > and is removing himself from uploaders/maintainer on others.
Your request to speak up[3] was not heard. I would have prefered to
read constructive arguments instead of silent leaving the team (in the
sense of not informing the team mailing list about the leave).
> > You all made this mess. Please clean it up.
I think the good intentions[4] in your sentences here are that you
really care about this important package and you fear that it is left
alone. So thanks for the pointer.
What I did before your mail was sent:
python-cryptography (42.0.5-1) UNRELEASED; urgency=medium
* Team upload.
* New upstream version
Closes: #1059308 (CVE-2023-50782)
Closes: #1064778 (CVE-2024-26130)
Closes: #1063771, #1018159
* Reorder sequence of d/control fields by cme (routine-update)
* watch file standard 4 (routine-update)
* Enable building twice in a row
Closes: #1046569
-- Andreas Tille <tille@debian.org> Thu, 29 Feb 2024 10:20:49 +0100
Meanwhile I marked bugs #1059308 and #1064778 pending (they could be
even closed but its good to have some record inside changelog if CVEs
are involved[5]) I also closed bug #1018159 which remained open for
no good reason and closed #1046569 manually since it was not mentioned
in changelog of latest upload.
Jérémy did:
python-cryptography (41.0.7-5) unstable; urgency=medium
* AMAU, Closes: #1064979
[ Andreas Tille ]
* Enable building twice in a row
-- Jérémy Lal <kapouer@melix.org> Thu, 07 Mar 2024 13:42:35 +0100
> Actually, it looks like python-cryptography still has one uploader, but morph
> was doing work on the package, it's complicated,
Since Tristan Seligmann went MIA the package was uploaded by:
-- Jérémy Lal <kapouer@melix.org> Thu, 07 Mar 2024 13:42:35 +0100
-- Sandro Tosi <morph@debian.org> Wed, 28 Feb 2024 12:23:58 -0500
-- Jérémy Lal <kapouer@melix.org> Thu, 08 Feb 2024 15:34:30 +0100
-- Jérémy Lal <kapouer@melix.org> Tue, 09 Jan 2024 01:14:48 +0100
-- Jérémy Lal <kapouer@melix.org> Sun, 07 Jan 2024 13:24:39 +0100
-- Nicolas Dandrimont <olasd@debian.org> Tue, 08 Aug 2023 17:16:11 +0200
-- Sandro Tosi <morph@debian.org> Tue, 28 Feb 2023 00:36:13 -0500
-- Stefano Rivera <stefanor@debian.org> Sun, 08 Jan 2023 16:31:04 -0400
-- Sandro Tosi <morph@debian.org> Thu, 15 Dec 2022 12:00:09 -0500
-- Debian Janitor <janitor@jelmer.uk> Thu, 19 May 2022 05:05:36 -0000
-- Stefano Rivera <stefanor@debian.org> Wed, 18 May 2022 12:22:15 -0400
Comment: Debian Janitor did not really uploaded the package. The
Uploader of the subsequent upload probably accidentaly forgot to merge
the changelog entries. The Upload
Sandro Tosi <morph@debian.org> Wed, 28 Feb 2024 12:23:58 -0500
is simply orphaning the package. BTW, "orphaning" is defined by setting
Debian QA team as maintainer. The package is not really orphaned but has
DPT as maintainer. I understand your worries about this package but
looking at these entries I do not see in how far the current status
looks that bad.
> and could use more help, not
> less. Pyopenssl, on the other hand, is now unmaintained (no human uploader).
Pyopenssl is lagging slightly behind upstream. Someone could care for
#1047548 but I personally ignore such bugs until other work on the
package needs to be done. I'm optimistic that someone will step up
as Uploader.
Kind regards
Andreas.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063771#10
[2] https://lists.debian.org/debian-python/2024/02/msg00052.html
[3] https://lists.debian.org/debian-python/2024/02/msg00060.html
[4] https://salsa.debian.org/python-team/tools/python-modules/-/merge_requests/21
[5] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308#25
--
http://fam-tille.de
Reply to: