Bug#933921: src:python-tablib: Unsafe use of yaml.load()

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Bug#933921: src:python-tablib: Unsafe use of yaml.load()

Thomas Goirand-3
On 8/6/19 1:58 AM, Joseph Herlant wrote:

> Hi,
> Thanks Scott for the report.
> Tomas: the repository in Openstack was archived long ago because it
> was ported to https://salsa.debian.org/python-team/modules/python-tablib
> The module is used by other packages than openstack (like
> django-tables if I remember correctly), so could you please hold off
> the removal request please?
> If the repo in the openstack group bother you, you can drop it but
> please don't drop tablib (at least not the python3 version).
> Thanks,
> Joseph

Indeed, it has a single reverse build-depends. Closing the RM bug then.
I'd still advise upstream against using this library which is of lower
code quality.


Thomas Goirand (zigo)