Hey Paul! Apologies for the delayed response - busy weekend here...
On Sun, Aug 25, 2024 at 09:38:47AM +0200, Paul Gevers wrote: >Hi Steve and python-django-storages maintainers, > >On 23-08-2024 13:24, Steve McIntyre wrote: >> I've backported a lump of upstream CVE fixes for django to the version >> in bookworm. Chris Lamb has reviewed and approved the changes as one >> of the existing maintainers. >> >> The standard test suite all passes as expected. > >But the autopkgtest of python-django-storages fails [1]. This *appears* to me >as a test problem we can accept, but maybe you or the python-django-storages >maintainers can confirm? That does very much look like a test with broken assumptions, I'll be honest. Ah, I see... I can see that Josh Schneier (the upstream for django-storages) is the person responsible for the CVE against django in the first place - he spotted the issue and reported it. In https://github.com/jschneier/django-storages/commit/330966293a74f2dabda18fa2e4a221952bf010a9 there's a fix on his side to cope with the django change. It looks like we'll want that change backporting into python-django-storages. I can try to do that too if you like, but I appreciate we're getting very tight on time before the weekend. :-/ -- Steve McIntyre, Cambridge, UK. st...@einval.com "War does not determine who is right - only who is left." -- Bertrand Russell
