2.4.0 uploaded (as requested in security review) with repoze-who support
disabled in testing and pushed back to a suggests at runtime.
Please can this MIR be reviewed on this basis.
** Changed in: python-repoze.who (Ubuntu)
Status: Incomplete => Invalid
** Summary changed:
- [MIR]
Seth
Bumping pysaml2 to 2.3.0 is probably not too much of a stretch this late
in cycle, but repoze.who 1.0.18 - 2.2 does feel like a big jump post
freeze - esp as it has reverse-depends outside of this chain.
Keystone federation (requiring pysaml2) landed as part of core in kilo-3
so will focus on
Here's an idea - I'm not sure keystone is using the repoze.who feature,
so we could disable this as a BD (and the associated test) and push it
back to Suggests.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to python-pysaml2 in Ubuntu.
I got a response from Tres Seaver to some of the issues I raised in this
MIR:
Thanks for the report! 1.0.18 is a long time ago now (almost 4 1/2
years). The latest release is 2.2, and there will likely be a 2.2.1
released in the near future.
We are pretty unlikely to make another 1.x
I reviewed python-repoze.who version 1.0.18-4 from Ubuntu vivid. This
should not be considered a full security audit but instead a quick gauge
of maintainability.
- python-repoze.who is a generic authentication middleware for python
applications; it sits between a wsgi server and application
I reviewed python-pysaml2 version 2.2.0-0ubuntu2 as found in Ubuntu vivid.
This should not be considered a full security audit, but rather a quick
gauge of maintainability.
- python-pysaml2 is a middleware designed to handle SAML2 authentication,
a competitor to oauth and FIDO. SAML2 is popular
Michael
RE repoze.who; I'm not overly concerned at it being orphaned in Debian;
the package is a little out-of-date but I think it's manageable within
the server team
I'll look at the xmlsec test suite/build failure issue soon
** Changed in: xmlsec1 (Ubuntu)
Assignee: Seth Arnold (seth-arnold) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1407695
Title:
[MIR] python-saml2, python-repoze.who, xmlsec1
python-pysaml2 is fine from a packaging point of view, but I'm also
going to pass to Seth for a quick look.
** Changed in: python-pysaml2 (Ubuntu)
Assignee: (unassigned) => Seth Arnold (seth-arnold)
I was looking at xmlsec1 too, from a packaging perspective. And it
looks like test failures don't fail the build. That should be
addressed.
** Changed in: xmlsec1 (Ubuntu)
Status: New => Incomplete
Regarding python-repoze.who... It looks fine (has tests, bug
subscriber, no important bugs, etc). But it's orphaned in Debian. Can
I get a comment on how much of a problem the server team thinks that
will be?
I'll also pass to Seth for a quick look, since this is an authentication
module.
**
Passing xmlsec1 to Jamie, since it has security surface.
** Changed in: xmlsec1 (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: xmlsec1 (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => Seth Arnold (seth-arnold)
** Description changed:
python-pysaml2
Avaliability: In universe
Rationale: New dependency for keystone.
Security: No CVE's found.
- Quality assurance: Unit tests executed as part of package build.
+ Quality assurance: Unit tests executed as part of package build (two xfails).
Still working on pysaml2 test suite enablement.
** Changed in: python-pysaml2 (Ubuntu)
Status: New => Incomplete
** Description changed:
python-pysaml2
Avaliability: In universe
Rationale: New dependency for keystone.
Security: No CVE's found.
Quality assurance: Unit tests executed as part of package build.
Dependencies: All in main apart from those identified on this MIR
Standards