Hi, I am attempting to get a package into Debian. I have it packaged and accepted into unstable but due to a dependency on python-oauth2 it has been held back from entering testing.

https://security-tracker.debian.org/tracker/source-package/python-oauth2

There are two open security problems with python-oauth2. It has been removed from testing also and will not be in the next stable release of Debian unless these bugs are fixed.

irl@orbiter:~$ apt-cache rdepends python-oauth2
python-oauth2
Reverse Depends:
  turses
  python-django-social-auth
  python-keystone
  python-django-oauth-plus
  python-djangorestframework
  python-django-social-auth

There are also a number of packages that depend on python-oauth2 that will disappear on the next stable release.

Is there currently any effort to patch these problems in python-oauth2? I notice these bugs were filed on the 13th Sep 2013. There has been no activity in the python-oauth2 on GitHub in over 2 years as far as I can see.

If there is no effort to fix these bugs, could someone recommend an alternative package to depend on to provide OAuth2 client functionality for a Python module? I think upstream would likely be willing to refactor for the new library.

Thanks,
Iain.

--
urn:x-human:Iain R. Learmonth
http://iain.learmonth.me/
mailto:i...@fsfe.org
xmpp:i...@jabber.fsfe.org
tel:+447875886930
GPG Fingerprint: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49
Please verify out-of-band before trusting with sensitive information.

[[[ To any GCHQ or other security service agents reading my email: ]]]
[[[ Please consider if any professional body code of conduct to    ]]]
[[[ which you subscribe requires you to follow Snowden's example.  ]]]
[[[ Your professional membership, chartered or incorporated status ]]]
[[[ may be at risk.                                                ]]]