Package: debian-security-support Version: 1:13+2025.07.16 Severity: normal X-Debbugs-Cc: [email protected] Control: affects -1 src:cython
Ahoy, I installed debian-security-support on my mostly-fresh Trixie system and was surprised to see this assertion: > Unfortunately, it has been necessary to limit security support for some > packages. > > The following packages found on this system are affected by this: > > * Source:cython > Details: Only included for building packages, not running them, #975058 > Affected binary package: > - cython3 (installed version: 3.0.11+dfsg-2+b1) I was curious so I checked that bug #975058, which is for debian-security-support in regards to "Python 2 support state for Bullseye." And the rationale there is explicit: > Python 2 in Bullseye is only shipped for build dependencies (but not for > runtime dependencies). Of course Python 2 is not in Trixie and the 'cython' *binary* package doesn't exist anymore: the Cython source package builds only 'cython3' and 'cython-dbg'. The changelog says any Python 2 bits are long long: > cython (0.29.14-2) unstable; urgency=medium > > * Team upload. > * Drop python2 support; Closes: #936363, #942939, #906699 > * Switch to pybuild > > -- Sandro Tosi <[email protected]> Wed, 24 Jun 2020 23:54:03 -0400 In fact the debian-security-support changelog says Cython was added several months *after* it dropped its Python 2 support, so doesn't this mean including Cython at all was always a mistake? > debian-security-support (1:11+2020.11.18) unstable; urgency=medium > . > * Add python2.7, cython and python-stdlib-extensions to > security-support-limited, as they are only included for building > packages, > not running them. Closes: #975058. I don't know much about the Python ecosystem but it does look like Cython shouldn't have been added at all, and it's likely a false alarm on Trixie now. -- System Information: Debian Release: 13.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.12.43+deb13-amd64 (SMP w/2 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages debian-security-support depends on: ii adduser 3.152 ii debconf [debconf-2.0] 1.5.91 ii gettext-base 0.23.1-2 debian-security-support recommends no packages. debian-security-support suggests no packages. -- debconf information: debian-security-support/ended: debian-security-support/earlyend: * debian-security-support/limited:
signature.asc
Description: This is a digitally signed message part
smime.p7s
Description: S/MIME cryptographic signature
