On 11 October 2016 at 02:18, Kevin Kofler wrote:
> Charalampos Stratakis wrote:
>> tox is THE main reason for multiple interpreters in Fedora.
>>
>> So no the comments are not contradictory but it seems there is a lack of
>> (technical) understanding of the actual
Dne 11.10.2016 v 12:57 Petr Viktorin napsal(a):
>
> The alternative to packaging those Pythons in Fedora is putting them
> in some COPR. I believe this would send a bad message. If we want to
> make Fedora friendly for Python developers, we should make
> cross-version testing officially
On Tue, Oct 11, 2016 at 09:50:13AM +0200, Vít Ondruch wrote:
>
>
> Dne 11.10.2016 v 01:59 Zbigniew Jędrzejewski-Szmek napsal(a):
> > On Mon, Oct 10, 2016 at 10:29:16AM +0200, Vít Ondruch wrote:
> >>
> >> Dne 9.10.2016 v 05:42 Nick Coghlan napsal(a):
> >>> On 8 October 2016 at 23:13, Kevin Kofler
On 10/10/2016 06:18 PM, Kevin Kofler wrote:
Charalampos Stratakis wrote:
tox is THE main reason for multiple interpreters in Fedora.
So no the comments are not contradictory but it seems there is a lack of
(technical) understanding of the actual situation here, but I may be wrong
here, so
I'd like to apologize for the wording "No security fixes will be
applied". It was meant as a warning to users who might install the
package without knowing what it is for, not as a declaration that we
won't maintain the package properly.
The "python26" package is meant to provide just that --
Dne 11.10.2016 v 01:59 Zbigniew Jędrzejewski-Szmek napsal(a):
> On Mon, Oct 10, 2016 at 10:29:16AM +0200, Vít Ondruch wrote:
>>
>> Dne 9.10.2016 v 05:42 Nick Coghlan napsal(a):
>>> On 8 October 2016 at 23:13, Kevin Kofler wrote:
These python[23][1-9] packages are
On Mon, Oct 10, 2016 at 10:29:16AM +0200, Vít Ondruch wrote:
>
>
> Dne 9.10.2016 v 05:42 Nick Coghlan napsal(a):
> > On 8 October 2016 at 23:13, Kevin Kofler wrote:
> >> These python[23][1-9] packages are entirely unnecessary and should go away
> >> ASAP.
> > They're not
Charalampos Stratakis wrote:
> Nevertheless, at the link that I posted before, you can see for yourself
> the exact use case, so that should make things clear enough. Contradictory
> or not (as I said maybe the original descriptions possibly need to be
> rephrased), arguing about that does not
+1
There is no need to keep broken deprecated stuff in fedora repositories. If
somebody really wants to use this, use a COPR. Or use the distro with
conservative risky update policy you are developing against (CentOS, RHEL,
Debian, Ubuntu, …).
___
- Original Message -
From: "Kevin Kofler" <kevin.kof...@chello.at>
To: devel@lists.fedoraproject.org
Sent: Monday, October 10, 2016 6:18:19 PM
Subject: Re: including EOL and vulnerable software in Fedora
> If no package is allowed to require the old Pythons (an
Charalampos Stratakis wrote:
> tox is THE main reason for multiple interpreters in Fedora.
>
> So no the comments are not contradictory but it seems there is a lack of
> (technical) understanding of the actual situation here, but I may be wrong
> here, so please correct me if you think so.
>
>
Charalampos Stratakis wrote:
> If people's issues is just the CVE's, and then everything will be fine, we
> can go and fix all the CVE's discovered so far.
That would be a good start.
Kevin Kofler
___
devel mailing list --
- Original Message -
From: "Kevin Kofler" <kevin.kof...@chello.at>
To: devel@lists.fedoraproject.org
Sent: Monday, October 10, 2016 4:14:30 PM
Subject: Re: including EOL and vulnerable software in Fedora
> Your explanation does not solve the inherent contradiction betw
Petr Viktorin wrote:
> Indeed, there's a disconnect here. The old Pythons are intended for
> *upstream* development/testing.
Your explanation does not solve the inherent contradiction between:
>> churchyard (in the FESCo tracker):
>> | These packages are not intended to be used as dependencies
On 10/09/2016 05:39 PM, Kevin Kofler wrote:
Nick Coghlan wrote:
They're not unnecessary for Python developers, as if you want to make
sure you're not accidentally using any features from later versions of
Python, the only way to reliably check that is to actually test your
code on those older
On Mon, Oct 10, 2016 at 11:32:43AM +0200, Dominik 'Rathann' Mierzejewski wrote:
> On Monday, 10 October 2016 at 11:07, Florian Weimer wrote:
> > On 10/07/2016 06:43 PM, Dominik 'Rathann' Mierzejewski wrote:
> >
> > > I was made aware that EOL software with known security bugs that will
> > > not
On Monday, 10 October 2016 at 11:07, Florian Weimer wrote:
> On 10/07/2016 06:43 PM, Dominik 'Rathann' Mierzejewski wrote:
>
> > I was made aware that EOL software with known security bugs that will
> > not be fixed upstream (due to EOL status) was reviewed and accepted into
> > Fedora recently.
- Original Message -
From: "Kevin Kofler" <kevin.kof...@chello.at>
To: devel@lists.fedoraproject.org
Sent: Saturday, October 8, 2016 3:13:10 PM
Subject: Re: including EOL and vulnerable software in Fedora
> * should not be necessary to run software, software for Python
On 10/07/2016 06:43 PM, Dominik 'Rathann' Mierzejewski wrote:
I was made aware that EOL software with known security bugs that will
not be fixed upstream (due to EOL status) was reviewed and accepted into
Fedora recently.
Fedora relies on EOLed components pretty much across the system
This seems highly unlikely
Charalampos Stratakis
Associate Software Engineer
Python Maintenance Team, Red Hat
- Original Message -
From: "Kevin Kofler" <kevin.kof...@chello.at>
To: devel@lists.fedoraproject.org
Sent: Sunday, October 9, 2016 5:39:00 PM
Subject: R
On Mon, Oct 10, 2016 at 10:29 AM, Vít Ondruch wrote:
>
>
> Dne 9.10.2016 v 05:42 Nick Coghlan napsal(a):
>> On 8 October 2016 at 23:13, Kevin Kofler wrote:
>>> These python[23][1-9] packages are entirely unnecessary and should go away
>>> ASAP.
>>
Dne 9.10.2016 v 05:42 Nick Coghlan napsal(a):
> On 8 October 2016 at 23:13, Kevin Kofler wrote:
>> These python[23][1-9] packages are entirely unnecessary and should go away
>> ASAP.
> They're not unnecessary for Python developers, as if you want to make
> sure you're
Nick Coghlan wrote:
> They're not unnecessary for Python developers, as if you want to make
> sure you're not accidentally using any features from later versions of
> Python, the only way to reliably check that is to actually test your
> code on those older versions. Tools like "tox" make that
On Sat, Oct 8, 2016 at 11:42 PM, Nick Coghlan wrote:
> On 8 October 2016 at 23:13, Kevin Kofler wrote:
>> These python[23][1-9] packages are entirely unnecessary and should go away
>> ASAP.
>
> They're not unnecessary for Python developers, as if you
On 8 October 2016 at 23:13, Kevin Kofler wrote:
> These python[23][1-9] packages are entirely unnecessary and should go away
> ASAP.
They're not unnecessary for Python developers, as if you want to make
sure you're not accidentally using any features from later versions
Dominik 'Rathann' Mierzejewski wrote:
> My proposal is:
> 1. Prevent EOL software with known security vulnerabilities from
> entering Fedora in the first place, i.e. make it a review bullet point
> (if the package is EOL it MUST NOT have any known security
> vulnerabilties). If existing packages
On Friday, 07 October 2016 at 19:35, Zbigniew Jędrzejewski-Szmek wrote:
> On Fri, Oct 07, 2016 at 06:43:10PM +0200, Dominik 'Rathann' Mierzejewski
> wrote:
> > Dear All,
> > I was made aware that EOL software with known security bugs that will
> > not be fixed upstream (due to EOL status) was
On Fri, Oct 07, 2016 at 06:43:10PM +0200, Dominik 'Rathann' Mierzejewski wrote:
> Dear All,
> I was made aware that EOL software with known security bugs that will
> not be fixed upstream (due to EOL status) was reviewed and accepted into
> Fedora recently. This came on the back of the FPC ticket
On Fri, Oct 07, 2016 at 06:43:10PM +0200, Dominik 'Rathann' Mierzejewski wrote:
> Dear All,
> I was made aware that EOL software with known security bugs that will
> not be fixed upstream (due to EOL status) was reviewed and accepted into
> Fedora recently. This came on the back of the FPC ticket
29 matches
Mail list logo