Re: python-werkzeug CVEs

2024-11-29 Thread Sean Whitton 
Hello,

On Fri 29 Nov 2024 at 08:38am +01, Carsten Schoenert wrote:

> Hi Sean,
>
> Am 29.11.24 um 04:22 schrieb Sean Whitton:
>> Hello,
>> There are three DoS CVEs for python-werkzeug in stable.
>> I intend to fix these as part of the Debian LTS team, sponsored by
>> Freexian.  I would like also to fix them in bookworm, because that will
>> become an LTS release eventually.  Would you like me to go ahead and
>> submit a stable update request, or are you already working on something?
>
> no, I haven't looked into the details yet to fix these CVEs for the older
> versions in Debian, I was intending to look into these after the recent happen
> update of Werkzeug plus Flask *and* after my moving of home. It would take at
> least some more weeks on my sid, please go ahead and don't wait for me.

Thanks for getting back to me so quickly.  I'll see how I get on.

-- 
Sean Whitton

Request to join Debian Python Team

2024-11-29 Thread Ranjith Raj 

Dear Debian Python Team,

I'd like to join theDebian Python team.

I am a Python developer with a focus on creating and maintaining 
high-performance tools and packages.
Recently, I have been working on packaging uv and ruff, two Rust-based 
tools that significantly enhance Python development workflows.


I've read the team's policy document and I accept it. Here is  my salsa
handle "ranjithraj".

Thanks & regards,
Ranjith Raj

ITP: uv -- An extremely fast Python package and project manager.

2024-11-29 Thread Ranjith Raj 

Package:wnpp
Severity: wishlist
X-Debbugs-Cc: debian-de...@lists.debian.org,
:debian-python@lists.debian.org
Owner: Ranjith Raj 

Package:uv
Version:0.5.5
Severity: wishlist

* Package name :uv
Version :0.5.5
Upstream Author :Charlie Marsh 
* URL :http s://github.com/astral-sh/uv 


* License :MIT license and Apache Licence v2.0
Description :An extremely fast Python package and project manager.
uv, a Rust-based tool that replaces pip, pip-tools, pipx, poetry, pyenv, 
twine, and virtualenv.
It offers 10-100x faster performance, Python version management, and 
comprehensive project management with a global cache for dependency 
deduplication.


I intend to maintain thepackage under the Debian Python team umbrella.

Thanks & regards
Ranjith Raj

Re: ITP: uv -- An extremely fast Python package and project manager.

2024-11-29 Thread Emmanuel Arias 

Hi,

Already exist an ITP for uv, please see #1069776.

Cheeers,
On Sat, Nov 30, 2024 at 12:26:19AM +0530, Ranjith Raj wrote:
> Package:wnpp
> Severity: wishlist
> X-Debbugs-Cc: debian-de...@lists.debian.org,
> :debian-python@lists.debian.org
> Owner: Ranjith Raj 
> 
> Package:uv
> Version:0.5.5
> Severity: wishlist
> 
> * Package name :uv
> Version :0.5.5
> Upstream Author :Charlie Marsh 
> * URL :http s://github.com/astral-sh/uv
> 
> * License :MIT license and Apache Licence v2.0
> Description :An extremely fast Python package and project manager.
> uv, a Rust-based tool that replaces pip, pip-tools, pipx, poetry, pyenv,
> twine, and virtualenv.
> It offers 10-100x faster performance, Python version management, and
> comprehensive project management with a global cache for dependency
> deduplication.
> 
> I intend to maintain thepackage under the Debian Python team umbrella.
> 
> Thanks & regards
> Ranjith Raj

-- 
cheers,
Emmanuel Arias

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  eam...@debian.org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: 13796755BBC72BB8ABE2AEB5 FA9DEC5DE11C63F1
 
 ⠈⠳⣄


signature.asc
Description: PGP signature

Re: ITP: uv -- An extremely fast Python package and project manager.

2024-11-29 Thread Ranjith Raj 

Hi Emmanuel,

I noticed that you have commented to work on this in July 2024 and are 
currently the owner of this ITP (#1069776).
I am interested in this package as well and would like to inquire if you are 
still actively working on it. If so, I would be delighted to collaborate and 
contribute to its development and maintenance.

Thank you for your time and consideration.

Best regards,
Ranjith Raj

On 11/30/24 01:05, Emmanuel Arias wrote:

Hi,

Already exist an ITP for uv, please see #1069776.

Cheeers,
On Sat, Nov 30, 2024 at 12:26:19AM +0530, Ranjith Raj wrote:

Package:wnpp
Severity: wishlist
X-Debbugs-Cc:debian-de...@lists.debian.org,
:debian-python@lists.debian.org
Owner: Ranjith Raj

Package:uv
Version:0.5.5
Severity: wishlist

* Package name :uv
Version :0.5.5
Upstream Author :Charlie Marsh
* URL :https://github.com/astral-sh/uv

* License :MIT license and Apache Licence v2.0
Description :An extremely fast Python package and project manager.
uv, a Rust-based tool that replaces pip, pip-tools, pipx, poetry, pyenv,
twine, and virtualenv.
It offers 10-100x faster performance, Python version management, and
comprehensive project management with a global cache for dependency
deduplication.

I intend to maintain thepackage under the Debian Python team umbrella.

Thanks & regards
Ranjith Raj

Re: ITP: uv -- An extremely fast Python package and project manager.

2024-11-29 Thread eevelweezel 
Agreed, I'd be interested in assisting as well. uv is the last thing
blocking packaging hatch.

Best,
./wzl


On Fri, Nov 29, 2024, 15:33 weepingclown  wrote:

> It'd make sense to add that as additional info to the ITP bug thread so
> that anyone interested in helping has some information on the current
> state.
>
> And if my memory serves me right, uv mostly needed only uv specific
> internal
> crates to be packaged than a lot of general ones.
>
> Best,
> Ananthu
>
> On 29 November 2024 9:11:53 pm UTC, Emmanuel Arias 
> wrote:
> >> The biggest effort here is the amount of rust packages that we need to
> >introduce to Debian.  Let me prepare a list of TODO
> >and I'll send it to you.
>
>

Re: ITP: uv -- An extremely fast Python package and project manager.

2024-11-29 Thread Emmanuel Arias 
On Fri, Nov 29, 2024 at 5:06 PM Ranjith Raj  wrote:

> Hi Emmanuel,
>
> I noticed that you have commented to work on this in July 2024 and are 
> currently the owner of this ITP (#1069776).
> I am interested in this package as well and would like to inquire if you are 
> still actively working on it. If so, I would be delighted to collaborate and 
> contribute to its development and maintenance.
>
> The biggest effort here is the amount of rust packages that we need to
introduce to Debian.  Let me prepare a list of TODO
and I'll send it to you.

Cheers

> Thank you for your time and consideration.
>
> Best regards,
> Ranjith Raj
>
> On 11/30/24 01:05, Emmanuel Arias wrote:
>
> Hi,
>
> Already exist an ITP for uv, please see #1069776.
>
> Cheeers,
> On Sat, Nov 30, 2024 at 12:26:19AM +0530, Ranjith Raj wrote:
>
> Package:wnpp
> Severity: wishlist
> X-Debbugs-Cc: debian-de...@lists.debian.org,
> :debian-python@lists.debian.org
> Owner: Ranjith Raj  
>
> Package:uv
> Version:0.5.5
> Severity: wishlist
>
> * Package name :uv
> Version :0.5.5
> Upstream Author :Charlie Marsh  
> 
> * URL :http  
> s://github.com/astral-sh/uv
>  
> * License :MIT license and Apache Licence v2.0
> Description :An extremely fast Python package and project manager.
> uv, a Rust-based tool that replaces pip, pip-tools, pipx, poetry, pyenv,
> twine, and virtualenv.
> It offers 10-100x faster performance, Python version management, and
> comprehensive project management with a global cache for dependency
> deduplication.
>
> I intend to maintain thepackage under the Debian Python team umbrella.
>
> Thanks & regards
> Ranjith Raj
>
>

Re: ITP: uv -- An extremely fast Python package and project manager.

2024-11-29 Thread weepingclown 
It'd make sense to add that as additional info to the ITP bug thread so
that anyone interested in helping has some information on the current state.

And if my memory serves me right, uv mostly needed only uv specific internal
crates to be packaged than a lot of general ones.

Best,
Ananthu

On 29 November 2024 9:11:53 pm UTC, Emmanuel Arias  wrote:
>> The biggest effort here is the amount of rust packages that we need to
>introduce to Debian.  Let me prepare a list of TODO
>and I'll send it to you.