[Python-modules-team] Bug#932960: Bug#932960: python-django don't fix CVE and drop Python 2 support at the same time
Paul Gevers
elbrus at debian.org
Thu Jul 25 09:25:31 BST 2019
Hi Brian,
On 25-07-2019 09:50, Brian May wrote:
> Paul Gevers <elbrus at debian.org> writes:
>
>> Your package is trying to fix a CVE, but at the same time dropping
>> Python 2 support. There is a multitude of packages that need updating
>> for that because they (test-) depend on python-django. I think it is
>> smart to revert the Python 2 removal and have the security fix migrate
>> to testing. I don't want to judge the severity of the CVE, but otherwise
>> I recommend to remove python-django from testing until all the fall-out
>> has been fixed.
>
> Python 2 support was dropped by upstream when we updated to version
> 2.2.x. We cannot support Python 2 unless we reverted package to Django
> 1.11.x.
Ack. What is the proposed way forward?
Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/python-modules-team/attachments/20190725/87dfa9b7/attachment.sig>
More information about the Python-modules-team
mailing list