Hi,
On 28-08-2024 13:58, Steve McIntyre wrote:
Apologies for the delayed response - busy weekend here...
Totally understood. :)
But the autopkgtest of python-django-storages fails [1]. This *appears* to me as a test problem we can accept, but maybe you or the python-django-storages maintainers can confirm?
That does very much look like a test with broken assumptions, I'll be honest.
Ah, I see... I can see that Josh Schneier (the upstream for django-storages) is the person responsible for the CVE against django in the first place - he spotted the issue and reported it. In https://github.com/jschneier/django-storages/commit/330966293a74f2dabda18fa2e4a221952bf010a9 there's a fix on his side to cope with the django change. It looks like we'll want that change backporting into python-django-storages. I can try to do that too if you like, but I appreciate we're getting very tight on time before the weekend. :-/
I'm not SRM, just trying to help out with the autopkgtest infrastructure and results. I'm predicting that SRM might not want a fixed python-django-storages this late, so I think it would help if you can advise the SRM: do you think the regression is less bad than leaving the CVEs unfixed or the other way around? I.e. accept the regression, or keep the fixed python-django out until the next point release (with a fixed python-django-storages).
Paul