Control: severity -1 important Hi,
Christoph Anton Mitterer <[email protected]> (2025-10-10): > IIRC, that recommends (which should have been a depends anyway) was > introduced because of #1076494. > > Looking at: > https://github.com/fail2ban/fail2ban/issues/3787#issuecomment-2213618204 > distutils is allegedly no longer used, and indeed a poor-man’s check: > $ grep -R distutils /usr/lib/python3/dist-packages/fail2ban > $ > seems to confirm this (for both, sid and trixie). > > So AFAICS, but please double check, the Recommends can be dropped. After merging my fail2ban integration for a customer's product (based on Debian 12 initially, merged into our Debian 13 environment), finally catching up with trixie, I was quite surprised to see the amount of extra packages being pulled when deploying. We have a number of Python packages already (50 of them), and the Debian 12 integration only pulled a few packages: - whois Meanwhile, on Debian 13, that's a lot more! - python3-autocommand - python3-inflect - python3-jaraco.context - python3-jaraco.functools - python3-jaraco.text - python3-more-itertools - python3-pkg-resources - python3-setuptools - python3-typeguard - python3-typing-extensions - python3-zipp - whois I've prepared a modified package and I can confirm the footprint is back to something that looks more reasonable (and in line with Debian 12): - whois Meanwhile, the default sshd jail is operational (thanks for fixing the systemd back thing, by the way), alongside a custom jail that leverages pyinotify (it scans access.log-like files). I'm really not sure it qualifies for a stable upload, but it seems to me that keeping the footprint of an important package like fail2ban (that one might want to deploy on many systems) to a minimum… deserves a little more than just “normal” severity. That being said, I'm definitely not pushing for a possible fix in stable, I'm not sure it qualifies in the first place, and I'm perfectly able to either live with the extra packages or with a locally-patched package… Maintainers, you'll find a patch against master attached, and I've pushed a pu/bug-1117706 branch for consideration. I haven't done any kind of tests within unstable or forky though. Thanks for your time, and thanks for maintaining fail2ban! Cheers, -- Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/
From 4eae7cafaa3060b64c38cd48739f47692ad96776 Mon Sep 17 00:00:00 2001 From: Cyril Brulebois <[email protected]> Date: Sat, 27 Dec 2025 03:34:53 +0100 Subject: [PATCH] Delete python3-setuptools from Recommends. - It was added to fix runtime crashes (See: #1076494). - The various references to distutils.version's LooseVersion were removed (via replace-distutils.patch), rendering that obsolete (See: #1104790). --- debian/changelog | 10 ++++++++++ debian/control | 1 - 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 2f272be7..ead7a5a8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +fail2ban (1.1.0-10) UNRELEASED; urgency=medium + + * Delete python3-setuptools from Recommends: + - It was added to fix runtime crashes (See: #1076494). + - The various references to distutils.version's LooseVersion were + removed (via replace-distutils.patch), rendering that obsolete + (See: #1104790). + + -- Cyril Brulebois <[email protected]> Sat, 27 Dec 2025 02:56:34 +0100 + fail2ban (1.1.0-9) unstable; urgency=medium * Team upload. diff --git a/debian/control b/debian/control index f9e64bb8..63eb135f 100644 --- a/debian/control +++ b/debian/control @@ -23,7 +23,6 @@ Package: fail2ban Architecture: all Depends: ${python3:Depends}, ${misc:Depends}, python3-systemd Recommends: nftables | iptables, whois, python3-pyinotify, - python3-setuptools Suggests: mailx, system-log-daemon, monit, sqlite3 Description: ban hosts that cause multiple authentication errors Fail2ban monitors log files (e.g. /var/log/auth.log, -- 2.39.5
signature.asc
Description: PGP signature
