Hi Chiara, On Sun, Sep 18, 2022 at 11:31:34AM -1000, Chiara Marmo wrote: > I have updated joblib to 1.2.0 on salsa. > If someone has sometime to review or upload... thanks for your help. I uploaded 1.2.0-1 to unstable. But I selectively reverted a commit -- in particular I removed the -doc package and avoided fixing #959991 for now. This is because providing a new binary package means looping via the NEW queue again which can take an indefinite/unspecified amount of time to get accepted. And -now- is not the best time to do it as we draw close to freeze. Since joblib is a key package and it is currently affected by a RC bug/CVE which I considered to first address the issue at hand. I could push the package to new again, with a new revision but I fear another CVE being discovered meanwhile and we run into circles. -- Best, Nilesh
Attachment:
signature.asc
Description: PGP signature