Bug#1064979: O: python-cryptography -- Python library exposing cryptographic recipes and primitives (documentation)
Le jeu. 29 févr. 2024 à 12:06, Andreas Tille a écrit : > Hi, > > as per bug #1064979 python-cryptography was orphaned. Actually the > process of orphaninig is defined differently[1] by setting QA team as > maintainer. In this case DPT remains maintainer but there is no > Uploader specified any more. I personally will not add my ID as > Uploader. I have added those team members who did uploads in the last > year in CC. > Good idea since I'm all right with helping to maintain it. I did the 41 upgrade so I'm already familiar with it. I'll AMAU unless someone is more motivated. Source package python-cryptography-vectors needs the same treatment. I tried to do some bug squashing anyway. Since the latest version was > requested in bug #1063771 and this new version also closes #1064778 > (CVE-2024-26130) (the other CVE-bug should have been closed in previous > upload) I decided to inject latest upstream, adapted the patches and > pushed to Git. Unfortunately the package does not build as you can > verify in Salsa CI[1]. I admit I have no clue how to fix this but I hope someone can take over > from here. I guess uploading to experimental first and see how it > plays nicely with its lots of rdepends makes sense here. Version 42 needs some rust deps to be updated as well, last time I checked, and I was in wait-and-see mode about those. Jérémy
Bug#1064979: O: python-cryptography -- Python library exposing cryptographic recipes and primitives (documentation)
Hi, as per bug #1064979 python-cryptography was orphaned. Actually the process of orphaninig is defined differently[1] by setting QA team as maintainer. In this case DPT remains maintainer but there is no Uploader specified any more. I personally will not add my ID as Uploader. I have added those team members who did uploads in the last year in CC. I tried to do some bug squashing anyway. Since the latest version was requested in bug #1063771 and this new version also closes #1064778 (CVE-2024-26130) (the other CVE-bug should have been closed in previous upload) I decided to inject latest upstream, adapted the patches and pushed to Git. Unfortunately the package does not build as you can verify in Salsa CI[1]. I admit I have no clue how to fix this but I hope someone can take over from here. I guess uploading to experimental first and see how it plays nicely with its lots of rdepends makes sense here. Kind regards Andreas. PS: I would have expected that to orphan a team maintained package the team mailing list would have been CCed in the bug report. [1] https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#orphaning-a-package [2] https://salsa.debian.org/python-team/packages/python-cryptography/-/jobs/5381997 -- http://fam-tille.de
Bug#1064979: O: python-cryptography -- Python library exposing cryptographic recipes and primitives (documentation)
Package: wnpp Severity: normal X-Debbugs-Cc: python-cryptogra...@packages.debian.org, mo...@debian.org Control: affects -1 + src:python-cryptography I intend to orphan the python-cryptography package. The package description is: The cryptography library is designed to be a "one-stop-shop" for all your cryptographic needs in Python. . As an alternative to the libraries that came before it, cryptography tries to address some of the issues with those libraries: - Lack of PyPy and Python 3 support. - Lack of maintenance. - Use of poor implementations of algorithms (i.e. ones with known side-channel attacks). - Lack of high level, "Cryptography for humans", APIs. - Absence of algorithms such as AES-GCM. - Poor introspectability, and thus poor testability. - Extremely error prone APIs, and bad defaults. . This package contains the documentation for cryptography.