[Python-modules-team] Bug#771794: pip silently removes/updates system provided python packages

Tue Dec 2 23:32:08 UTC 2014

On Tuesday, December 02, 2014 05:17:48 PM Donald Stufft wrote:
> > On Dec 2, 2014, at 5:03 PM, Scott Kitterman <debian at kitterman.com> wrote:
> > 
> > On Tuesday, December 02, 2014 04:54:37 PM Donald Stufft wrote:
> >>> On Dec 2, 2014, at 4:47 PM, Scott Kitterman <debian at kitterman.com>
> >>> wrote:
> >>> 
> >>> On Tuesday, December 02, 2014 04:15:05 PM Donald Stufft wrote:
> >>> ...
> >>> 
> >>>> I have another question. If we fix this in the upcoming pip 6 release
> >>>> what
> >>>> is the chances of getting an exception for pip 6 in the freeze? If I
> >>>> can
> >>>> solve the problem in pip proper and keep the delta between different
> >>>> platforms smaller I can juggle around priorities and push the other big
> >>>> ticket thing I was working on till another release.
> >>> 
> >>> ...
> >>> The deadline for getting Important (i.e. not Serious/Grave/Critical) bug
> >>> fixes unblocked for Jessie is December 5th (that's uploaded to Debian
> >>> and
> >>> the release team has reviewed and unblocked it).
> >>> 
> >>> Unless the next release is ~nothing but fixes for important/release
> >>> critical bugs, the chance is approximately zero.
> >>> 
> >>> Scott K
> >> 
> >> This bug is marked “Serious” right? So if I understand correctly a new
> >> version isn’t acceptable, even to fix a Serious issue, unless it only
> >> fixes
> >> items that are allowed within whatever phase the release process is in?
> > 
> > A new release would be acceptable if it only fixed release critical stuff.
> >  The problem comes in where a new release fixes something serious and
> > other stuff.
> > 
> > Scott K
> 
> Ok, so anything from upstream will need to be backported to 1.5.x then,
> which might be a pain but I don’t think undoable. We reorganized some stuff
> but it shouldn’t be impossible.
> 
> Would a patch for this issue need to be done and uploaded and unblocked by
> the Dec 5th? Or Since it’s a “Serious” issue is there a longer deadline?
> 
> What’s the chances of accepting the status quo for Jessie and having an
> upstream fix in Jessie+1? This isn’t a *new* problem, it exists in stable
> and oldstable as well and it wasn’t unknown to be a problem previously
> (there’s another ticket about making —user the default in BTS which
> references this fact over a year ago). I’m not sure what would make it all
> of a sudden a dire problem in Jesse, so if we can wait till Jesse+1 and I
> can get a stakeholder to sit down with me and sort out what a solution
> *needs* from the Debian side of things I can make sure a fix does land in
> the next pip release which will be out far in advance of Jessie+1.

Assuming the maintainer doesn't decide to downgrade the bug (which I think is 
unlikely and a number of people would object to, so I think we can ignore it 
as a possibility), the decision to ignore the bug for Jessie belongs with the 
release team.  If we choose not to fix it (and there's no Non-Maintainer 
Upload), then they will decide to either remove the package or ignore the bug.

Since this particular issue is release critical, the December 5th deadline 
isn't relevant to a targeted fix just for this issue.

Scott K