Re: Unresponsive maintainer for Fedora-EPEL python-django3

On Wednesday, November 27, 2024 12:07:29 AM GMT+1 Michel Lind wrote:
> On Tue, Nov 26, 2024 at 12:11:27PM -0300, Marco Benatto wrote:
> > Hello all,
> > 
> > We recently noticed there's a couple of PRs opened to fix
> > vulnerabilities in EPEL8 python-django3 with no response from the
> > maintainer (CC'ed). This is an important update as it fixes 4
> > different CVEs.
> > 
> > https://src.fedoraproject.org/rpms/python-django3/pull-request/2
> > 
> > I have raised a Bugzilla bug asking for contact according to
> > https://docs.fedoraproject.org/en-US/fesco/Policy_for_nonresponsive_package_maintainers/
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=2328973
> > 
> > May I please have your help in contacting the maintainer?
> > 
> That PR was never in a state where it's merge-able, FYI

Michel, I know you are busy but let's avoid using nonsense excuses like this.

The pull request in question was ready to be merged on April 29th and then on
May 14th.  You have never replied on the pull request until the non-responsive
maintainer process was started:
https://src.fedoraproject.org/rpms/python-django3/pull-request/2#comment-196981

Thank you for submitting the update now!  Hopefully the process will be
smoother next time.

Kamil

>   - nothing provides python3.6dist(asgiref) >= 3.3.2 needed by python3-django3-3.2.25-1.el8.noarch from @commandline
> 
> There are also other avenues to ask for help - note that this package is
> co-maintained by the EPEL Packagers SIG, and I don't see any attempt to
> reach out on the epel-devel list.
> 
> While I have the attention from someone on prod sec, could you all fix
> your CVE scanners to *not* file JavaScript bugs against packages that
> have JS code in their source code only as part of documentation and not
> in any binary packages? 90% of CVEs in my inbox are false positives


-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue



