Debian Bug report logs - #1011155
python-cryptography: please update to latest >= v35 releases

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Agathe Porte <debian@microjoe.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: python-cryptography: please update to latest >= v35 releases

Date: Tue, 17 May 2022 18:42:58 +0200

Source: python-cryptography
Version: 3.4.8-1
Severity: wishlist
X-Debbugs-Cc: debian@microjoe.org

Dear Maintainer,

- The debian version of cryptography (3.4.8) is from 2021-08-24 [0][1].
- The latest upstream release is May 4th, 2022 [1].

Making it almost 8 months late behind upstream.

This update may have been delayed because the upstream versions starting
from 35.0.0 to require some Rust dependencies [2]. Given that the
current Rust integration in Debian seems reasonable to me [3], I do not
see if this could be an issue preventing the upgrade.

As a side note, Fedora has been using latest >=35 upstream releases
since Fedora 36 [4], so it should be technically feasible.

If there are other reasons for avoiding to keep up with upstream
releases, please let us know in this ticket.

Best regards,

Agata.

[0] https://tracker.debian.org/pkg/python-cryptography
[1] https://pypi.org/project/cryptography/#history
[2] https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst#3500---2021-09-29=
[3] https://wiki.debian.org/Teams/RustPackaging
[4] https://src.fedoraproject.org/rpms/python-cryptography

Message #10 received at 1011155@bugs.debian.org (full text, mbox, reply):

From: Alex Gaynor <alex.gaynor@gmail.com>

To: 1011155@bugs.debian.org

Date: Fri, 29 Jul 2022 10:07:04 -0400

As one of the maintainers of pyca/cryptography, I'm strongly in favor
of upgrading. Older releases do not receive support (including
security fixes) from the maintainers. And in the past few releases
we've added many new features, support for more strong cryptographic
algorithms, and significantly improved performance.

Message #19 received at 1011155@bugs.debian.org (full text, mbox, reply):

From: Carsten Schoenert <c.schoenert@t-online.de>

To: Claudius Heine <ch@denx.de>, Tristan Seligmann <mithrandi@debian.org>

Cc: Alex Gaynor <alex.gaynor@gmail.com>, 1011155@bugs.debian.org, Agathe Porte <debian@microjoe.org>

Subject: Bug#1011155: python-cryptography - please update to latest >= v35 releases

Date: Tue, 6 Dec 2022 07:05:44 +0100

Hello Claudius, hello Tristan,

I'd like to ask if there are some more major issues outstanding to get
python-cryptography updated to a recent version as we are getting cloder
to the first freeze date of the bookworm release.

What is the status for this wishlist bug report?
I think it's quite important to get really recent versions ready for the
bookworm release, especially in the segement of cryptography.

Is there something a required update would need some help?

Am Fri, Jul 29, 2022 at 10:07:04AM -0400 schrieb Alex Gaynor:
> As one of the maintainers of pyca/cryptography, I'm strongly in favor
> of upgrading. Older releases do not receive support (including
> security fixes) from the maintainers. And in the past few releases
> we've added many new features, support for more strong cryptographic
> algorithms, and significantly improved performance.

Regrads and thanks!
Carsten

Message #24 received at 1011155@bugs.debian.org (full text, mbox, reply):

From: Claudius Heine <ch@denx.de>

To: Carsten Schoenert <c.schoenert@t-online.de>, 1011155@bugs.debian.org, Tristan Seligmann <mithrandi@debian.org>

Cc: Alex Gaynor <alex.gaynor@gmail.com>, Agathe Porte <debian@microjoe.org>

Subject: Re: Bug#1011155: python-cryptography - please update to latest >= v35 releases

Date: Tue, 6 Dec 2022 08:38:11 +0100

Hi Carsten,

On 2022-12-06 07:05, Carsten Schoenert wrote:
> Hello Claudius, hello Tristan,
> 
> I'd like to ask if there are some more major issues outstanding to get
> python-cryptography updated to a recent version as we are getting cloder
> to the first freeze date of the bookworm release.
> 
> What is the status for this wishlist bug report?
> I think it's quite important to get really recent versions ready for the
> bookworm release, especially in the segement of cryptography.
> 
> Is there something a required update would need some help?

python-cryptography depends on the rust packages pyo3 and asn1, which 
both are now in unstable. However they have autopkgtest issues and are 
stuck there for now. For asn1 I fixed those:

https://salsa.debian.org/rust-team/debcargo-conf/-/blob/master/src/asn1/debian/changelog

So this is currently waiting for a sponsor.

For pyo3 I also fixed them here:
https://salsa.debian.org/rust-team/debcargo-conf/-/merge_requests/395

Those changes need to be reviewed, merged and then uploaded.

regards,
Claudius

> 
> Am Fri, Jul 29, 2022 at 10:07:04AM -0400 schrieb Alex Gaynor:
>> As one of the maintainers of pyca/cryptography, I'm strongly in favor
>> of upgrading. Older releases do not receive support (including
>> security fixes) from the maintainers. And in the past few releases
>> we've added many new features, support for more strong cryptographic
>> algorithms, and significantly improved performance.
> 
> Regrads and thanks!
> Carsten

Message #31 received at 1011155@bugs.debian.org (full text, mbox, reply):

From: Bastian Germann <bage@debian.org>

To: 1011155@bugs.debian.org

Subject: Re: Bug#1011155: python-cryptography - please update to latest >= v35 releases

Date: Mon, 12 Dec 2022 16:53:04 +0100

Hi Tristan,

If you have not reacted by the end of the week, I am going to team-upload the package to go ahead with this.

Thanks,
Bastian

Message #36 received at 1011155@bugs.debian.org (full text, mbox, reply):

From: Sandro Tosi <morph@debian.org>

To: Bastian Germann <bage@debian.org>, 1011155@bugs.debian.org

Subject: Re: Bug#1011155: python-cryptography - please update to latest >= v35 releases

Date: Mon, 12 Dec 2022 11:05:15 -0500

> If you have not reacted by the end of the week, I am going to team-upload the package to go ahead with this.

are the rust dependencies in unstable and updated to the version
needed by cryptography?

-- 
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
Twitter: https://twitter.com/sandrotosi

Message #41 received at 1011155@bugs.debian.org (full text, mbox, reply):

From: Bastian Germann <bage@debian.org>

To: Sandro Tosi <morph@debian.org>, 1011155@bugs.debian.org

Subject: Re: Bug#1011155: python-cryptography - please update to latest >= v35 releases

Date: Mon, 12 Dec 2022 17:06:54 +0100

Am 12.12.22 um 17:05 schrieb Sandro Tosi:
>> If you have not reacted by the end of the week, I am going to team-upload the package to go ahead with this.
> 
> are the rust dependencies in unstable and updated to the version
> needed by cryptography?

Yes, they are in unstable for some weeks and as of today they are in bookworm.

Message #46 received at 1011155@bugs.debian.org (full text, mbox, reply):

From: Claudius Heine <ch@denx.de>

To: Bastian Germann <bage@debian.org>, 1011155@bugs.debian.org, Sandro Tosi <morph@debian.org>

Subject: Re: Bug#1011155: python-cryptography - please update to latest >= v35 releases

Date: Mon, 12 Dec 2022 18:49:30 +0100

Hi,

On 2022-12-12 17:06, Bastian Germann wrote:
> Am 12.12.22 um 17:05 schrieb Sandro Tosi:
>>> If you have not reacted by the end of the week, I am going to 
>>> team-upload the package to go ahead with this.
>>
>> are the rust dependencies in unstable and updated to the version
>> needed by cryptography?
> 
> Yes, they are in unstable for some weeks and as of today they are in 
> bookworm.

I updated all MRs for 38.0.4:


https://salsa.debian.org/python-team/packages/python-cryptography/-/merge_requests


https://salsa.debian.org/python-team/packages/python-cryptography-vectors/-/merge_requests

So this is ready for review.

regards,
Claudius

Message #51 received at 1011155-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 1011155-close@bugs.debian.org

Subject: Bug#1011155: fixed in python-cryptography 38.0.4-1

Date: Thu, 15 Dec 2022 17:35:57 +0000

Source: python-cryptography
Source-Version: 38.0.4-1
Done: Sandro Tosi <morph@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-cryptography, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1011155@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sandro Tosi <morph@debian.org> (supplier of updated python-cryptography package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 15 Dec 2022 12:00:09 -0500
Source: python-cryptography
Architecture: source
Version: 38.0.4-1
Distribution: unstable
Urgency: medium
Maintainer: Tristan Seligmann <mithrandi@debian.org>
Changed-By: Sandro Tosi <morph@debian.org>
Closes: 1011155
Changes:
 python-cryptography (38.0.4-1) unstable; urgency=medium
 .
   [ Claudius Heine ]
   * New upstream release (Closes: #1011155).
   * Dropped openssl3 patches, no longer required.
   * Integrated build of embedded rust library.
   * debian/control
     - bump b-d on cryptography-vectors to 38.0.4
     - build using pybuild-plugin-pyproject
     - remove dependencies dropped by upstream
     - add pytest-benchmark to b-d, needed for tests
     - add setuptools-rust to b-d, needed for the Rust part of the build
     - add cargo and other rust pkgs to b-d
     - bump Standards-Version to 4.6.1 (no changes needed)
   * debian/pydist-overrides, debian/py3dist-overrides
     - remove dependencies dropped by upstream
   * debian/rules
     - enable the Rust build
     - override dh_dwz to disable multifile
   * debian/patches/no-rust.patch
     - removed, we are actually building the Rust code now
   * debian/python-cryptography-doc.doc-base
     - add doc-base
   * debian/source/options
     - exclude some packaging files updated during build
   * debian/patches/Upgrade-to-pyo3-0.*
     - add support for pyo3 0.16 and 0.17
   * debian/patches/allow-pem-version-1.0.patch
     - relax pem rust versioned dependency
   * debian/patches/ease-asn1-version-from-0.12.1-to-0.12.patch
     - relax asn1 rust versioned dependency
   * debian/patches/ease-chrono-dependency-from-0.4.22-to-0.4.patch
     - relax chrono rust versioned dependency
 .
   [ Sandro Tosi ]
   * debian/control
     - run wrap-and-sort
Checksums-Sha1:
 86f55b496d9398a61ad513928f5640ac7252c093 3538 python-cryptography_38.0.4-1.dsc
 b78bfafc114088c11298d69367b9f98a3bbb41db 599786 python-cryptography_38.0.4.orig.tar.gz
 aecb408cfb72c3224ed7c0da7c82acda5c0df43e 488 python-cryptography_38.0.4.orig.tar.gz.asc
 774d3b0f3dc2b5d6fefdc26f21dd999c3e2de96a 21232 python-cryptography_38.0.4-1.debian.tar.xz
 6089e1d7de50741fbba4d912e976b172b986c33d 16475 python-cryptography_38.0.4-1_source.buildinfo
Checksums-Sha256:
 3bb64b7d5d61fe35b4de84c83c774cc4281276cba0e210016959423a0a24a375 3538 python-cryptography_38.0.4-1.dsc
 175c1a818b87c9ac80bb7377f5520b7f31b3ef2a0004e2420319beadedb67290 599786 python-cryptography_38.0.4.orig.tar.gz
 09ddc5bab3140faba2fe03980b6d167d2ff1980ed55d0fa8399caa7a42d765ff 488 python-cryptography_38.0.4.orig.tar.gz.asc
 4a6d00d8b2cc4d82ce329fda525b03159d7244dc148b8d39ab4770b75abc7191 21232 python-cryptography_38.0.4-1.debian.tar.xz
 ac85f880886a0a4c1b6868ec40d94e690afdfbef7e7bec3938ee4b4f6a847655 16475 python-cryptography_38.0.4-1_source.buildinfo
Files:
 cffa0bcfed0fa075119b258ba5a97fdb 3538 python optional python-cryptography_38.0.4-1.dsc
 2b8b23b955b43994f222f78faf17713b 599786 python optional python-cryptography_38.0.4.orig.tar.gz
 7b235f46357e0f9192f0a13028978ba5 488 python optional python-cryptography_38.0.4.orig.tar.gz.asc
 7db7843242aec7de3605f4848123f834 21232 python optional python-cryptography_38.0.4-1.debian.tar.xz
 260803000b8ded35a3977cdadf7a800e 16475 python optional python-cryptography_38.0.4-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEufrTGSrz5KUwnZ05h588mTgBqU8FAmObVdEACgkQh588mTgB
qU/4gw//U6IJT9hzcfFbHGG24AKv+foJB7BsXZ0bmyRQt42GaAmL+ahD3DIaejBu
hGV/6Pngvo0/NWCkyfO8OeQXCrJu9AQe1M61kqq9RzSmj6xCL1FOfBppRzSVIPI8
YM1G3ZdayX0UKwcqgLxF5LZAIx4gB9dAyBccbGI0k9MVJ8bK14kPZqs4hSz/O7w9
SgiMp5iM9KW0Xss8+2+7D1iTzW3AIlkyLkSAmOk9Idnr/3hz33lyZOvpNNUJ2OR5
kJbyihOI9Zre5EAXKgZ2WdmBfur4aT/K83UC8MP7BIZbelvIAE4Ppps+U5X6+pRv
dOgkKMGtOz2MUX6R11QDX5C0DjOnjGHD0+X7YIR/e0NEI2yjz/EC9SaRQyolDW7y
Rt4MG+7PqQVosYzBBMlN2hUjl8H0nLdgXyfsVhT90AHeyIbbJiUKSPOVpGKu02C9
dENgSwbXbcOXm3O0I7j6Nme0UH1xUbv11YDwT+YW/kN7/wCwKFxSyWJR0M/sO7hI
rWaqleRC0vViXtPP+6bF2LUjDqWppzAe1oSktToW7CLBN9tUaKtimhvoPaKxo6G5
uTlOIQ9RB/n2h8Lb184knc78p4yLD4dr+8+8ctFGPEFbyFvrm12vqUsFR7Cmcz96
6MLDPiiCtSPtoFSnmmBf8Br0Q27BxDt6NDNrT/43yYNalFHfnmc=
=bPCn
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.