Bug#753404: zope.security: Port python-zope.security-untrustedpython from Ubuntu
Brian Sutherland
brian at vanguardistas.net
Tue Jul 1 15:24:38 UTC 2014
On Tue, Jul 01, 2014 at 10:56:05AM -0400, Barry Warsaw wrote:
> Source: zope.security
> Severity: wishlist
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Dear Maintainer,
>
> In Ubuntu, the zope.security package has the following delta.
>
> zope.security (3.8.3-2ubuntu1) precise; urgency=low
>
> * Merge from Debian. Remaining changes:
> - Add metapackage for untrustedpython extra
>
> -- Gediminas Paulauskas <menesis at pov.lt> Mon, 14 Nov 2011 22:29:48 +0200
>
> However, the package is quite old in Ubuntu and I am going to sync it
> up with the latest Debian version, which will add Python 3 support.
> I'm not entirely sure what the untrustedpython metapackage is for, but
> I'm filing this bug to keep track of this, since Gediminas must have
> had a good reason for adding it.
>
> However, I do not want to hold up syncing and promotion of the new
> version for adding this new binary package and having it be held up in
> the NEW queue, at least not right now.
The reason it was not added in Debian is because it requires the
RestrictedPython package:
https://pypi.python.org/pypi/RestrictedPython
That has security implications, and no-one wanted to take responsibility
for that.
>
> Here's the debian/control bits:
>
> Package: python-zope.security-untrustedpython
> Architecture: all
> Depends: python-zope.security (>= ${binary:Version}),
> ${pydeb:Depends}, ${misc:Depends}
> Description: Zope Security Framework - Untrusted interpreter support
> Provides support for compiling untrusted code
>
>
> - -- System Information:
> Debian Release: jessie/sid
> APT prefers unstable
> APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.14-1-amd64 (SMP w/1 CPU core)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCAAGBQJTsswCAAoJEBJutWOnSwa/yZsP/0CxKYGhpCho6c2VvCOnMORz
> xP3CTcRq0jACNKF1HSKcpuPKGveURdJwJOMlj+orvlIXrxpZDsp+ZxnyrZLRwcT2
> zFh7K9TVIcTlymumt0GiLpD16CN69D0S4KyDhV9HmNWlggynvfLKbUz/2rc35J1t
> qpGvGv8986M670av32NSZuwVNhzcSJLHhnKoD/pB63LB7fKbASMJR9pCGcalpr0a
> VPKDb3zkcxsbILrYJJHfon3eTjN4G3+egVdo6XLPlO4Dnx4QoBsPRYEEIoALJLJQ
> F7114EMsXzNL42AdWmU7p+UwVQeV/SH/nzXmIfDIqaTFGdGrOyQvr5P1hssdqycW
> fhha1IuF5DhVcLQy1gNhfwnAJdcV2+8w9MuxQC7MU/5pVjLOnE2v92V8SykrEqX+
> rW9hBh1ENZ9OL8C+GzA+HBp05Gyzgoz6B1iHQCSxi83JtLYMK40AZ5bz4VcrCs0v
> ATk7TGfvF2vM7jyIB7S6ajycFHbJNFERnDgXlV4zpwJuDnAYPJK5leFe/gtmDBW3
> ZoX67Sg6tEDD1tt5L+ctZbp81SgQQwWuhz7EviGQb15DlH/eURb0yZtHiNf2PoYy
> oRmZiRAXULdnpDheos/2cfWgHPuixUTz2/VTSlBIUr+IhiIB7rxzPPoU0aaNA6Fx
> tghmXej6Zn7hamefSig2
> =PWFq
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> pkg-zope-developers mailing list
> pkg-zope-developers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-zope-developers
--
Brian Sutherland
More information about the pkg-zope-developers
mailing list