Your message dated Sat, 31 Aug 2019 06:59:08 +0000
with message-id <e1i3xlo-0009ur...@fasolo.debian.org>
and subject line Bug#938971: Removed package(s) from unstable
has caused the Debian Bug report #927066,
regarding python-gdata: Should not ship with Buster
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
927066: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927066
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-gdata
Version: 2.0.18+dfsg1-2
Severity: serious
Tags: buster sid
I am uploader of python-gdata and my intention is that it should not be
part of Debian Buster release.
There are two main reasons for it:
1) It does not actually work anymore: Google has shut down most of gdata
API backends [1]. Some of them like the YouTube data API continue to work
as per deprecation policy, but will most likely be shutdown during Buster
lifetime.
2) It is insecure: it bundles an ancient version of tlslite, which
has known vulnerabilities: at least CVE-2014-3566, CVE-2013-0169 and
CVE-2011-3389. Newer version of tlslite has been removed from Debian
in 2014, so I cannot even unbundle it.
I have filed bugs for all reverse dependencies in May 2018. At the moment
of writing this all reverse dependencies have been removed from Buster.
I am also going to get it removed from Sid later.
[1]: https://developers.google.com/gdata/docs/directory
--
Dmitry Shachnev
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Version: 2.0.18+dfsg1-2+rm
Dear submitter,
as the package python-gdata has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/938971
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
