Package: python-gdata
Version: 2.0.18+dfsg1-2
Severity: serious
Tags: buster sid

I am the uploader of python-gdata and my intention is that it should not be
part of the Debian Buster release.

There are two main reasons for it:

1) It does not actually work anymore: Google has shut down most of the gdata
API backends [1]. Some of them, like the YouTube data API, continue to work
as per deprecation policy, but will most likely be shut down during Buster's
lifetime.

2) It is insecure: it bundles an ancient version of tlslite, which
has known vulnerabilities: at least CVE-2014-3566, CVE-2013-0169 and
CVE-2011-3389. A newer version of tlslite was removed from Debian
in 2014, so I cannot even unbundle it.

I filed bugs for all reverse dependencies in May 2018. At the moment
of writing this, all reverse dependencies have been removed from Buster.

I am also going to get it removed from Sid later.

[1]: https://developers.google.com/gdata/docs/directory

--
Dmitry Shachnev
