Re: pyyaml 6

2022-11-12 Thread Scott Kitterman
o omissions from the list though. > >>> > >>> There is a significantly longer list of packages which appear to contain > >>> a use of yaml.load _somewhere_, but it is usually in some > >>> maintainer/release script, or an optional path somewhere, and th

Re: pyyaml 6

2022-11-02 Thread Scott Kitterman
>> a use of yaml.load _somewhere_, but it is usually in some >>> maintainer/release script, or an optional path somewhere, and the >>> package itself doesn't [build-]depend on python3-yaml. >>> >> >> I've filed bugs for (most) of the packages

Re: pyyaml 6

2022-11-02 Thread Gordon Ball
propose to wait ~2 weeks until the beginning of November and upload pyyaml 6 to unstable then. pyyaml 6 has now landed in unstable. About half the bugs I filed have been resolved, and there is only one package (ganeti) with autopkgtests blocking migration.

Re: pyyaml 6

2022-10-19 Thread Gordon Ball
the beginning of November and upload pyyaml 6 to unstable then.

Re: pyyaml 6

2022-10-10 Thread Louis-Philippe Véronneau
On 2022-10-06 21 h 43, Paul Wise wrote: On Fri, 2022-10-07 at 00:10 +0200, Gordon Ball wrote: * Upload to unstable and see what breaks? The experimental pseudo-excuses already say several packages break: https://qa.debian.org/excuses.php?experimental=1=pyyaml autopkgtest for

Re: pyyaml 6

2022-10-09 Thread Jeremy Stanley
On 2022-10-09 21:39:56 +0200 (+0200), Gordon Ball wrote: [...] > gnocchi # confirm, in gnocchi/gendoc Looks like it was fixed in gnocchi 4.4.2 earlier this year (unstable still has 4.4.0). > jeepyb # confirm, in cmd/notify_impact I'm honestly surprised this is packaged for Debian, since it's

Re: pyyaml 6

2022-10-09 Thread Gordon Ball
On 07/10/2022 01:13, Timo Röhling wrote: > Hi Gordon, > > * Gordon Ball [2022-10-07 00:10]: >> * Upload to unstable and see what breaks? >> * Request an archive rebuild with this version and see what breaks? >> * File bugs against all likely affected packages with a fixed date for >> an upload?

Re: pyyaml 6

2022-10-07 Thread Jeremy Stanley
On 2022-10-07 00:10:21 +0200 (+0200), Gordon Ball wrote: [...] > The only bug requesting it actually be upgraded is > https://bugs.debian.org/1008262 (for openstack). I don't know if > that has proved a hard blocker - I _think_ anything designed to > work with 6.x should also work with 5.4. I

Re: pyyaml 6

2022-10-06 Thread Paul Wise
worth filing a transition bug. Probably also a good idea to do that anyway too. https://wiki.debian.org/Teams/ReleaseTeam/Transitions There might also be Debian services broken by pyyaml 6, but they can be dealt with during the upgrade of the debian.org machines to bookworm. -- bye,

Re: pyyaml 6

2022-10-06 Thread Timo Röhling
Hi Gordon, * Gordon Ball [2022-10-07 00:10]: * Upload to unstable and see what breaks? * Request an archive rebuild with this version and see what breaks? * File bugs against all likely affected packages with a fixed date for an upload? * Wait until after the freeze? Considering that PyYAML

pyyaml 6

2022-10-06 Thread Gordon Ball
pyyaml (aka python3-yaml) is an rdepend for >300 packages. We currently have 5.4.1, but version 6 was released late last year, which does quite a lot of cleanup (eg, dropping python 2 support) and disables unsafe loading (arbitrary python code execution) unless explicitly opted into.