Hi,
bringing this issue up to the release team.
Am Thu, Nov 03, 2022 at 09:04:50PM +0100 schrieb Paul Gevers:
>
> On 03-11-2022 18:03, Andreas Tille wrote:
> > its all about the fact that rdflib is broken and removed from testing.
> > We are nagging upstream constantly[1] with no success so far. This
> > issue creates noise about testing removals in about 100 packages and
> > is extremely annoying.
> &&
> On 03-11-2022 17:58, Jonas Smedegaard wrote:
> > no comment at bug#1012482 which includes a
> > suggestion (which I agree with) to lower the severity of that bug to
> > simply not be release-critical: Yes, naïve implementations of the RDF
> > protocol can be tricked into pulling data from the filesystem, because
> > URIs are not necessarily all http-based and failing to care for that
> > may lead to surprises - which would be neat if generic RDF processing
> > tools were to ensure protection against but in my opinion unreasonable
> > to *require*: As I understand it, the equivalent would be to kick out
> > libcurl from Debian because it doesn't offer the heavy and complex
> > sandboxing mechanisms implemented in (only the biggest) web browsers.
>
> I haven't spent time yet to make up *my* mind about the severity of the
> problem, but if people have serious doubts about the severity, the Release
> Team is the appropriate body in Debian to make that call. So if you believe
> the bug severity is too high, by all means bring it to the RT.
> That's why I filed these bugs today.
It would be really help if the noise this bug creates in the package
pool could be reduced.
Kind regards
Andras.
PS: Please CC me since I'm not subscribed to debian-release.
> > [1] https://github.com/RDFLib/rdflib/issues/1844
> _______________________________________________
> Debian-med-packaging mailing list
> debian-med-packag...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-med-packaging
--
http://fam-tille.de
