[Python-modules-team] Bug#932960: python-django don't fix CVE and drop Python 2 support at the same time

Thomas Goirand zigo at debian.org
Fri Jul 26 13:51:45 BST 2019


On 7/25/19 9:20 AM, Paul Gevers wrote:
> Source: python-django
> Control: found -1 python-django/2:2.2.3-5
> Severity: important
> User: debian-ci at lists.debian.org
> Usertags: breaks
> X-Debbugs-CC: debian-ci at lists.debian.org
> Affects: django-maintenancemode django-restricted-resource
> Affects: django-tables django-testscenarios factory-boy lava
> Affects: python-django python-django-debug-toolbar python-django-mptt
> Affects: python-sparkpost django-sekizai
> 
> Dear maintainers,
> 
> Your package is trying to fix a CVE, but at the same time dropping
> Python 2 support. There is a multitude of packages that need updating
> for that because they (test-) depend on python-django. I think it is
> smart to revert the Python 2 removal and have the security fix migrate
> to testing.

Hi,

I respectfully don't agree. We need to drop Python 2 support *now* for
all the Django packages. I did a lot of that work already (at least a
dozen packages are fixed already), there's not so much remaining.

Also, Django 2.2 does *not* have Python 2 support upstream anymore, so
there's no way we can maintain this by ourselves.

Cheers,

Thomas Goirand (zigo)


