[openstack-dev] [PKG-Openstack-devel] Bug#755315: [Trove] Should we stop using wsgi-intercept, now that it imports from mechanize? this is really bad!

Chris Dent chdent at redhat.com
Tue Jul 29 10:11:56 UTC 2014


On Tue, 29 Jul 2014, Thomas Goirand wrote:

> Sorry, I couldn't reply earlier.

No problem.

> However, from *your* perspective, I wouldn't advise that you keep using
> such a dangerous, badly maintained Python module. Saying that it's
> optional may look like you think mechanize is ok and you are vouching
> for it, when it really shouldn't be the case. Having clean, well
> maintained dependencies, is IMO very important for a given python
> module. It shows that you care no bad module gets in.

I've pointed a couple of the other wsgi-intercept contributors to this
thread to get their opinions on which way is the best way forward,
I'd prefer not to make the decision solo.

> Let me know whenever you have a new release, without mechanize as new
> dependency, or with it being optional.

It will be soon (a day or so).

-- 
Chris Dent tw:@anticdent freenode:cdent
https://tank.peermore.com/tanks/cdent



More information about the OpenStack-dev mailing list