[openstack-dev] [PKG-Openstack-devel] Bug#755315: [Trove] Should we stop using wsgi-intercept, now that it imports from mechanize? this is really bad!
Chris Dent
chdent at redhat.com
Tue Jul 29 10:11:56 UTC 2014
On Tue, 29 Jul 2014, Thomas Goirand wrote:
> Sorry, I couldn't reply earlier.
No problem.
> However, from *your* perspective, I wouldn't advise that you keep using
> such a dangerous, badly maintained Python module. Saying that it's
> optional may look like you think mechanize is ok and you are vouching
> for it, when it really shouldn't be the case. Having clean, well
> maintained dependencies, is IMO very important for a given python
> module. It shows that you care no bad module gets in.
I've pointed a couple of the other wsgi-intercept contributors to this
thread to get their opinions on which way is the best way forward,
I'd prefer not to make the decision solo.
> Let me know whenever you have a new release, without mechanize as new
> dependency, or with it being optional.
It will be soon (a day or so).
--
Chris Dent tw:@anticdent freenode:cdent
https://tank.peermore.com/tanks/cdent
More information about the OpenStack-dev
mailing list