On Sun, Apr 14, 2019 at 01:02:55PM +0100, Jonathan Wiltshire wrote: > On Thu, Apr 11, 2019 at 09:37:03PM -0400, William Blough wrote: > > I do not comment on your proposed fix, but I do question the value of > including this package in buster at all. If it is broken with Django > >=1.10, doesn't that mean the bug affects stable too and nobody has > noticed all this time?
That would appear to be the case. Popcon only reports about a dozen installs, so it doesn't appear to be widely used. The only assumptions I can make are that the people with it installed either aren't using it, or are using it with an older version of Django. Or maybe they installed it, discovered that it didn't work, and installed a newer version via pip instead (which admittedly is a wild guess - no evidence one way or the other). Regardless, I agree the numbers are low. > > Besides that it has had just one other upload since it was first in the > archive, which was also an NMU. What are the plans for its long-term > maintenance if it is indeed included in buster? With Stanford's WebAuth now EOL, one of the projects I work on at my employer is moving from WebAuth to CAS for SSO. I already maintain python-django-cas-server under the umbrella of the Python Modules Team, and my intent is to also supply whatever support is needed for python-django-casclient. Unfortunately, I noticed the state of the package too late to get everything in top shape in time for buster, but I would like to get this particular fix uploaded to stable in the next point release, as well as get the package updated to the latest upstream release for inclusion in backports and Bullseye. I plan to discuss co-maintenance and/or adoption of the package with the current maintainer in order to help make all of this happen. Does this sound reasonable, or do you think I'm going down the wrong path here?
