[Python-modules-team] Bug#927066: python-gdata: Should not ship with Buster
mitya57 at debian.org
Sun Apr 14 16:08:28 BST 2019
Tags: buster sid
I am uploader of python-gdata and my intention is that it should not be
part of Debian Buster release.
There are two main reasons for it:
1) It does not actually work anymore: Google has shut down most of gdata
API backends . Some of them like the YouTube data API continue to work
as per deprecation policy, but will most likely be shutdown during Buster
2) It is insecure: it bundles an ancient version of tlslite, which
has known vulnerabilities: at least CVE-2014-3566, CVE-2013-0169 and
CVE-2011-3389. Newer version of tlslite has been removed from Debian
in 2014, so I cannot even unbundle it.
I have filed bugs for all reverse dependencies in May 2018. At the moment
of writing this all reverse dependencies have been removed from Buster.
I am also going to get it removed from Sid later.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the Python-modules-team