For some time, I have been maintaining python-jose[1] since it is a
minor test dependency for python-fastapi. While the Fedora package for
python-jose is in good condition, the project has been unmaintained
upstream for some time[2][3].
I have just chosen to skip the FastAPI tests that require python-jose
and orphan the python-jose package with the expectation that it will be
retired for F41. As an unmaintained security library, I do *not*
recommend picking it up and keeping it in Fedora – although I did not
feel strongly enough to choose immediate retirement over orphaning.
One package, python-social-auth-core[4], still depends on python-jose.
However, this dependency is removed upstream in social-auth-core release
4.5.0[5], so I recommend that the maintainers of that package update
it[6] rather than keeping python-jose around.
[1] https://src.fedoraproject.org/rpms/python-jose
[2] https://github.com/mpdavis/python-jose/issues/332
[3] https://github.com/mpdavis/python-jose/issues/340
[4] https://src.fedoraproject.org/rpms/python-social-auth-core
[5]
https://github.com/python-social-auth/social-core/blob/4.5.3/CHANGELOG.md#450---2023-10-31
[6] https://bugzilla.redhat.com/show_bug.cgi?id=2178870
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
