Unmaintained dependencies #440

Open
timokau opened this issue Apr 15, 2018 · 10 comments

@timokau
Contributor

commented Apr 15, 2018

I'm trying to package this for nixos and there were concerns raised about apparently unmaintained dependencies.

Would you mind commenting on those, if you plan to remove or replace them and if you think the concerns raised are valid?

python-openid (dependency of flask-openid)

NixOS/nixpkgs#38788 (comment)

flask-oldsessions

NixOS/nixpkgs#38787 (comment)

  • similarly not updated in 6 years
  • tests failing

Misc

The main maintainer of python packages in nixpkgs would also like to reduce the dependencies on flask extensions in general, if that is possible:

NixOS/nixpkgs#38787 (comment)

@timokau timokau referenced this issue Apr 15, 2018
5 of 8 tasks complete
@kcrisman

Contributor

commented Apr 16, 2018

I am unsure whether any of these issues would immediately be taken care of. I think it is reasonable to try to find a way to remove the openid as a necessary dependency, though I'm not sure how, since most people looking for something to use that functionality with would no longer be using sagenb. I don't know what oldsessions is, but presumably for reloading something? However, sagenb was written to depend fairly heavily on various flask capabilities so I don't know whether one could get rid of all of them very easily. @dimpase thoughts?

@dimpase

Member

commented Apr 16, 2018

Pull requests are welcome, as always. Feel free to try to remove these.

@jdemeyer

Contributor

commented Apr 16, 2018

Well, sagenb itself is unmaintained. Why do you complain about its dependencies and not about sagenb itself?

@timokau

Contributor Author

commented Apr 16, 2018

> since most people looking for something to use that functionality with would no longer be using sagenb

I'm unsure what you mean by that. Isn't openid more or less only used for public instances? Why would I need it if I run notebook() out of my own local sage instance?

> Pull requests are welcome, as always. Feel free to try to remove these.

Good to know. I only want to package it though -- I'm not quite willing to dive into the details of sagenb and flask to fix this. If nobody experienced with it has any input/solution, we'll have to figure out another option to package it or leave it be.

> Well, sagenb itself is unmaintained.

That's news to me. At least it looks reasonably maintained: last commit this year, multiple posts on the mailing list last year.

> Why do you complain about its dependencies and not about sagenb itself?

Sorry if this seems like pure complaining. I just wanted to forward concerns that came up while packaging in hopes to open a discussion, find solutions or workarounds and hopefully improve the situation for everybody.

@jdemeyer

Contributor

commented Apr 17, 2018

> Sorry if this seems like pure complaining. I just wanted to forward concerns that came up while packaging in hopes to open a discussion, find solutions or workarounds and hopefully improve the situation for everybody.

First of all, the fact that software is unmaintained does not need to be a problem. Even unmaintained software can be packaged and installed.

So I'm trying to understand why you consider it a problem that sagenb is using unmaintained dependencies but you don't find it a problem that sagenb itself is unmaintained.

@jdemeyer

Contributor

commented Apr 17, 2018

> That's news to me. At least it looks reasonably maintained: last commit this year, multiple posts on the mailing list last year.

Let's say that sagenb is on life support. We try to keep it working, but we're not making substantial changes.

@dotlambda


commented Apr 17, 2018

> So I'm trying to understand why you consider it a problem that sagenb is using unmaintained dependencies but you don't find it a problem that sagenb itself is unmaintained.

The difference is that flask-openid (and python-openid) is security-related software that should not be used because it has unfixed vulnerabilities.
Another problem is that software which (unlike sagenb) is not maintained at all is more likely to not work with more recent versions of Flask for example.

@embray

Contributor

commented Apr 17, 2018

It doesn't help that there are parts of Sage itself, still, that don't work without sagenb installed. So if we're putting sagenb on life support (which I support doing), we should work actively and quickly to remove all explicit and non-optional dependence on it in Sage. There are already some tickets to that effect but it's not complete.

One possibility would be to make a new release that simply drops the openid support (unfortunately, but more effort than it's worth to fix). I don't know what flask-oldsessions does but that could probably be worked around as well.

@kcrisman

Contributor

commented Apr 18, 2018

@FRidh FRidh referenced this issue Apr 18, 2018
5 of 8 tasks complete
@kcrisman kcrisman added the Critical label May 22, 2018
@timokau

Contributor Author

commented May 24, 2018
