MIR for paste.

looks fine for me

promoted

python-paste depends on python-formencode, which is in universe. This also needs an MIR for lucid.

And python-paste also recommends python-scgi.

The paste package ships on the beta-1 CD but is not installable. This needs resolving for beta2.

MIR for python-formencode:

* Availablity: Available for all architectures
* Rationale: So paste is installable again
* Security: CVE-2008-6547 which has been fixed for lucid.
* Dependencies: debhelper, python-all-dev, python, python-support, python-setuptools,
 python-pkg-resources, python-elementtree (all in main)
* QA: No Debian Bugs open, No Ubuntu bugs open.
* Standards Compliant.
* Relatively easy to maintain.

MIR for python-formencode:

* Availablity: Available for all architectures
* Rationale: So paste is installable again
* Security: CVE-2008-6547 which has been fixed for lucid.
* Dependencies: debhelper, python-all-dev, python, python-support, python-setuptools,
 python-pkg-resources, python-elementtree (all in main)
* QA: No Debian Bugs open, No Ubuntu bugs open.
* Standards Compliant.
* Relatively easy to maintain.

MIR for scgi:

* Availabliity: Available for all architectures
* Rationale: So paste is installable again in main
* Security: NO CVE history
* Dependencies: debhelper, python-support, python-all-dev, apache2-threaded-dev, quilt, apache2.2-common,
   (all in main)
* QA: No Debian bugs open, No Ubuntu bugs open. Debian maintenance is really calm.
* Standads Compliant.

The impact of dropping python-dns from python-formencode depends should actually be understood before the MIR for python-formencode is approved:

[09:39:57] <ScottK> ttx: It ought to at least build and dropping python-dns from depends with no rationale is just wrong.
[09:40:19] <ScottK> POX: Thanks.
[09:40:26] <POX> python-dns is probably removed as it's not in main
[09:40:28] <zul> i just uploaded the FTBFS fix
[09:40:43] <ttx> I'm trying to avoid duplicating work :)
[09:40:49] <zul> and removed python-dns as well
[09:40:53] <ScottK> POX: Yes, but we aren't supposed to just drop depends willy nilly.
[09:40:56] <ScottK> zul: Why?
[09:41:08] <zul> because its not in main
[09:41:18] <ScottK> zul: That's not a proper rationale.
[09:41:26] <zul> and the testsuite ran fine without it
[09:41:42] <ScottK> And so that means there's no impact?
[09:41:58] <zul> didnt appear to any to me

I agree. python-dns is optionally used if you specifically set resolve_domain=True. The rdepends should be checked to see if they make use of that option. If they don't, then Suggesting python-dns would be the correct solution. If some of them do, they could be made to depend on python-dns (and python-dns kept as a suggests). If all do, then have python-formencode depend on python-dns is probably the right thing to do.

Flipping formencode to incomplete until that question is resolved.

Kees, can you please take a look at scgi MIR? Thanks!

scgi: +1 the code looks pretty defensive and seems to handle its fds correctly

scgi promoted.

I checked the rdepends for python-formencode and none of them use resolve_domain=True so the Suggest is ok, the MIR should continue.

Regards
chuck

python-formencode looks okay, promoted.