Source: python-django Control: found -1 python-django/2:2.2.3-5 Severity: important User: debian-ci@lists.debian.org Usertags: breaks X-Debbugs-CC: debian-ci@lists.debian.org Affects: django-maintenancemode django-restricted-resource Affects: django-tables django-testscenarios factory-boy lava Affects: python-django python-django-debug-toolbar python-django-mptt Affects: python-sparkpost django-sekizai Dear maintainers, Your package is trying to fix a CVE, but at the same time dropping Python 2 support. There is a multitude of packages that need updating for that because they (test-) depend on python-django. I think it is smart to revert the Python 2 removal and have the security fix migrate to testing. I don't want to judge the severity of the CVE, but otherwise I recommend to remove python-django from testing until all the fall-out has been fixed. With a recent upload of python-django the autopkgtest of the packages in Affects: fail in testing when that autopkgtest is run with the binary packages of python-django from unstable. It passes when run with only packages from testing. Currently this regression is blocking the migration of python-django to testing [1], but otherwise the second part of britney would have blocked migration due to non-installability reasons. Paul PS: I failed to spot bugs against (some of) those packages communication the removal, I think that would be nice for those maintainers.
Attachment:
signature.asc
Description: OpenPGP digital signature