[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Adding Django 4.2 LTS
|
From: |
Luis Felipe |
|
Subject: |
Adding Django 4.2 LTS |
|
Date: |
Wed, 21 Jun 2023 18:36:22 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 |
Hi,
I've been using Django 4.2.2 from my personal Guix channel for a couple
of days and it seems to work alright, so I'd like to send a patch to
include it in Guix, although I have some questions first.
1. python-asgiref >= 3.6.0 and < 4 is a requirement for Django 4.2 LTS
series, there is a patch for it already
(https://issues.guix.gnu.org/61543), it builds, doesn't appear to have
known vulnerabilities and Django 4.2.2 works with it. Would it be okay
to add it to Guix until someone else packages the latest version (3.7.2,
but it currently fails to build for me: sanity-check
DistributionNotFound or something)?
2. "guix lint python-django@4.2.2" says this version of DJango might be
vulnerable to CVE-2023-31047 but reading the CVE description version
4.2.2 doesn't seem to be affected. Is there anything I should do
regarding this warning?
3. Guix currently distributes versions of Django that no longer receive
security updates or bug fixes. For example, python-django@4.0.7,
python-django@3.1.14, python-django@2.2.28 (see
https://www.djangoproject.com/download/). Should they be removed?
Thanks in advance,
--
Luis Felipe López Acevedo
https://luis-felipe.gitlab.io/
OpenPGP_0x0AB0D067012F08C3.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Adding Django 4.2 LTS,
Luis Felipe <=