XPost: linux.debian.devel.release

Hi,

[including Chris in CC]

On Sun, Oct 20, 2024 at 09:05:43AM +0200, Paul Gevers wrote:

Hi Steve,

On 29-08-2024 17:05, Steve McIntyre wrote:

I've already spent some time looking at this, and in fact there are *already* changes in our version of django-storages that are clearly expected to work with the fixes in django. But they're not. I'm
digging in further to see whether it's something I've done or a wider
bug. I don't*think* it's my fault, but stranger things have
happened!

At this point, I would say let's be safe and hang back on the django
update this - it will wait for the next point release.

As you are well aware, the next point release is around the corner: 9 November. Did anything happen, or should python-django be skipped one more time?

We will miss the 12.10 point release with these changes. Chris can you
help Steve here resolving the regressions and then include as well
fixes for the new CVEs which appeared in meanwhile?

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.devel.release

Hi Chris,

On Fri, Mar 14, 2025 at 06:38:56AM +0100, Salvatore Bonaccorso wrote:

Hi,

[including Chris in CC]

On Sun, Oct 20, 2024 at 09:05:43AM +0200, Paul Gevers wrote:

Hi Steve,

On 29-08-2024 17:05, Steve McIntyre wrote:

I've already spent some time looking at this, and in fact there are *already* changes in our version of django-storages that are clearly expected to work with the fixes in django. But they're not. I'm
digging in further to see whether it's something I've done or a wider bug. I don't*think* it's my fault, but stranger things have
happened!

At this point, I would say let's be safe and hang back on the django update this - it will wait for the next point release.

As you are well aware, the next point release is around the corner: 9 November. Did anything happen, or should python-django be skipped one more time?

We will miss the 12.10 point release with these changes. Chris can you
help Steve here resolving the regressions and then include as well
fixes for the new CVEs which appeared in meanwhile?

Any updates here? The date for the 12.11 point release is not yet set,
but would be great to have the python-django CVEs currently known
fixed in the next point release.

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.devel.release

Hi again Chris!

El 19/04/25 a las 21:16, Salvatore Bonaccorso escribió:

Hi Chris,

On Fri, Mar 14, 2025 at 06:38:56AM +0100, Salvatore Bonaccorso wrote:

Hi,

[including Chris in CC]

On Sun, Oct 20, 2024 at 09:05:43AM +0200, Paul Gevers wrote:

Hi Steve,

On 29-08-2024 17:05, Steve McIntyre wrote:

I've already spent some time looking at this, and in fact there are *already* changes in our version of django-storages that are clearly expected to work with the fixes in django. But they're not. I'm
digging in further to see whether it's something I've done or a wider bug. I don't*think* it's my fault, but stranger things have
happened!

At this point, I would say let's be safe and hang back on the django update this - it will wait for the next point release.

As you are well aware, the next point release is around the corner: 9 November. Did anything happen, or should python-django be skipped one more
time?

We will miss the 12.10 point release with these changes. Chris can you
help Steve here resolving the regressions and then include as well
fixes for the new CVEs which appeared in meanwhile?

Any updates here? The date for the 12.11 point release is not yet set,
but would be great to have the python-django CVEs currently known
fixed in the next point release.

As a follow up of https://lists.debian.org/debian-lts/2025/05/msg00023.html,
I forgot to check if a pu for python-django was in the queue. And I
would just like to point you out about the above questions from
Salvatore.

Chris, the next point release window is closing this week-end. Do you
think you could help with that?
(WRT my debusine-related request, it doesn't matter of course if
python-django is updated via a point release instead of a security
update.)

Cheers!

-- Santiago

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQR+lHTq7mkJOyB6t2Un3j1FEEiG7wUCaBuq9wAKCRAn3j1FEEiG 7+gJAP4n0krlowVYL6fkKB3eNeMqEVOS/w4HLiAJmBci8D571gEA9GMI/Y8N7VQ+ BTTO8juQx1MckW9aiNOZ8pNso35V6wQ=
=7/yo
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.devel.release

El 08/05/25 a las 13:05, Chris Lamb escribió:

Hi Santiago,

Hi Chris,

As a follow up of https://lists.debian.org/debian-lts/2025/05/msg00023.html,
I forgot to check if a pu for python-django was in the queue. And I
would just like to point you out about the above questions from
Salvatore.

Chris, the next point release window is closing this week-end. Do you
think you could help with that?

Unfortunately, I'm really really slammed right now so I don't feel
confident I can prepare a fully-tested pu for Django by this weekend.

Salvatore's questions are indeed still outstanding and haven't been
dropped — lot of stuff IRL recently so things have piled up. Slowly
digging my way out of the hole, however.

Thanks a lot for your answer. I hope all of that IRL stuff will get
solved soon.

Don't hesitate to speak up if you would like/need help from other LTS
team fellows!

All the best,

-- Santiago

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQR+lHTq7mkJOyB6t2Un3j1FEEiG7wUCaB4nRwAKCRAn3j1FEEiG 74VFAQCfrP4tnrrzW67WIsTLjAnGLW7gSZA4BirBTdrfT8YigQD/ULdTqsZTqKsS jcvnNG+2gB1vQ8SpreNok7EIEIFwTgo=
=M6Ob
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)