Hi Scott, Am Wed, Mar 13, 2024 at 11:39:50PM -0400 schrieb Scott Kitterman: > On Wednesday, March 13, 2024 1:34:14 PM EDT Scott Kitterman wrote: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064979 > > > > Would some of you who are pushing so hard to change the policy for > > Uploaders/ Maintainer in the team please step up and take over this > > package. It really needs updated to the new upstream release (blocking > > both aioquic and dnspythong for me, I don't know about others).
Reading the bug log of your request to upgrade this package has a hint from Tue, 13 Feb 2024 [1] that some rust dependencies need updates (thanks for the work on this Jérémy! BTW, I merged you 41.0.7-5 changes into master branch and closed bug #1046569 manualy) The discussion about Policy change started two weeks later[2]. I might miss the point in the connection you are drawing here. > > I haven't done a comprehensive check, but I think morph asked for all the > > leaf packages he was maintaining in the team to be removed from the archive > > and is removing himself from uploaders/maintainer on others. Your request to speak up[3] was not heard. I would have prefered to read constructive arguments instead of silent leaving the team (in the sense of not informing the team mailing list about the leave). > > You all made this mess. Please clean it up. I think the good intentions[4] in your sentences here are that you really care about this important package and you fear that it is left alone. So thanks for the pointer. What I did before your mail was sent: python-cryptography (42.0.5-1) UNRELEASED; urgency=medium * Team upload. * New upstream version Closes: #1059308 (CVE-2023-50782) Closes: #1064778 (CVE-2024-26130) Closes: #1063771, #1018159 * Reorder sequence of d/control fields by cme (routine-update) * watch file standard 4 (routine-update) * Enable building twice in a row Closes: #1046569 -- Andreas Tille <ti...@debian.org> Thu, 29 Feb 2024 10:20:49 +0100 Meanwhile I marked bugs #1059308 and #1064778 pending (they could be even closed but its good to have some record inside changelog if CVEs are involved[5]) I also closed bug #1018159 which remained open for no good reason and closed #1046569 manually since it was not mentioned in changelog of latest upload. Jérémy did: python-cryptography (41.0.7-5) unstable; urgency=medium * AMAU, Closes: #1064979 [ Andreas Tille ] * Enable building twice in a row -- Jérémy Lal <kapo...@melix.org> Thu, 07 Mar 2024 13:42:35 +0100 > Actually, it looks like python-cryptography still has one uploader, but morph > was doing work on the package, it's complicated, Since Tristan Seligmann went MIA the package was uploaded by: -- Jérémy Lal <kapo...@melix.org> Thu, 07 Mar 2024 13:42:35 +0100 -- Sandro Tosi <mo...@debian.org> Wed, 28 Feb 2024 12:23:58 -0500 -- Jérémy Lal <kapo...@melix.org> Thu, 08 Feb 2024 15:34:30 +0100 -- Jérémy Lal <kapo...@melix.org> Tue, 09 Jan 2024 01:14:48 +0100 -- Jérémy Lal <kapo...@melix.org> Sun, 07 Jan 2024 13:24:39 +0100 -- Nicolas Dandrimont <ol...@debian.org> Tue, 08 Aug 2023 17:16:11 +0200 -- Sandro Tosi <mo...@debian.org> Tue, 28 Feb 2023 00:36:13 -0500 -- Stefano Rivera <stefa...@debian.org> Sun, 08 Jan 2023 16:31:04 -0400 -- Sandro Tosi <mo...@debian.org> Thu, 15 Dec 2022 12:00:09 -0500 -- Debian Janitor <jani...@jelmer.uk> Thu, 19 May 2022 05:05:36 -0000 -- Stefano Rivera <stefa...@debian.org> Wed, 18 May 2022 12:22:15 -0400 Comment: Debian Janitor did not really uploaded the package. The Uploader of the subsequent upload probably accidentaly forgot to merge the changelog entries. The Upload Sandro Tosi <mo...@debian.org> Wed, 28 Feb 2024 12:23:58 -0500 is simply orphaning the package. BTW, "orphaning" is defined by setting Debian QA team as maintainer. The package is not really orphaned but has DPT as maintainer. I understand your worries about this package but looking at these entries I do not see in how far the current status looks that bad. > and could use more help, not > less. Pyopenssl, on the other hand, is now unmaintained (no human uploader). Pyopenssl is lagging slightly behind upstream. Someone could care for #1047548 but I personally ignore such bugs until other work on the package needs to be done. I'm optimistic that someone will step up as Uploader. Kind regards Andreas. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063771#10 [2] https://lists.debian.org/debian-python/2024/02/msg00052.html [3] https://lists.debian.org/debian-python/2024/02/msg00060.html [4] https://salsa.debian.org/python-team/tools/python-modules/-/merge_requests/21 [5] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308#25 -- http://fam-tille.de