sbp commented on issue #617: URL: https://github.com/apache/tooling-trusted-releases/issues/617#issuecomment-3837098283
We appear to have introduced the bug in 1d2e7ab4239bec5fc3dea81ef97fbb76819616a9. As [a relevant comment in `atr/admin/__init__.py` warns](https://github.com/apache/tooling-trusted-releases/blob/1d2e7ab4239bec5fc3dea81ef97fbb76819616a9/atr/admin/__init__.py#L1138-L1139), ASFQuart uses a `committees` property in its `ClientSession` object, but `pmcs` in its cookie. The commit that introduced the bug [reads a `ClientSession` object](https://github.com/apache/tooling-trusted-releases/commit/1d2e7ab4239bec5fc3dea81ef97fbb76819616a9#diff-8d1b14eeec17e09e76cd6e0871583abdd4ce504815d1f48a6c1b0e6bbc648db0R419) which has a `committees` property, but then [writes it back to the cookie](https://github.com/apache/tooling-trusted-releases/commit/1d2e7ab4239bec5fc3dea81ef97fbb76819616a9#diff-8d1b14eeec17e09e76cd6e0871583abdd4ce504815d1f48a6c1b0e6bbc648db0R433) without changing `committees` to `pmcs`. The `asfquart.session.read()` method returns `ClientSession | None`, and the `asfquart.session.write(...)` method takes a `dict`. The reason why the type checker doesn't notice a mismatch is that `ClientSession` is a subclass of `dict`. Ideally both functions would return and take typed data, but raising a runtime error if `asfquart.session.write` receives a `ClientSession` at least may be an acceptable lightweight alternative. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
