Em qui., 6 de out. de 2022 às 18:45, Bastian Germann <b...@debian.org> escreveu: > > Am 06.10.22 um 20:19 schrieb Eriberto Mota: > > Am 05.10.22 um 14:59 schrieb Guilherme Xavier: > >>> Hi, > >>> > >>> Agree, downgrading would be an option. > >>> I don't know how this can be done, but I'm open to doing it. > >> > >> You import the older version as 8.1.1+really6.8.1-1 > > > > > > Nope. Downgrading is a workaround for new upstream versions full broken, > > but already sent to Debian. Is dangerous and undesirable to reintroduce > > an old version of a software to make it "a good dependency". This action > > may generate critical bugs or introduce security holes. The right way is > > ask to the upstream to update the software to use the current version of > > a dependency. In other words, "+really" must be used in very extreme > > cases only, not for adjustments. > > In general, I agree with you. But as far as I can see, Guilherme introduced > python-aio-pika for the sake of packaging kiwipy and probably has not checked > compatiblity before packaging that. It is not in use by any other package. > So for me this would be okay. It is in the archive for two months now and > popcon is at 1. I do not think that upstream will have the issue fixed soon > and it would be a pity if Guilherme's packaging work (there are some more deps > introduced for kiwipy) would not be fruitful for him in the sense of having it > available in bookworm.
Ok, this is commendable. However, keeping Debian (as OS) secure is more important than any effort to package anything.