Discussion:
Bug#1085206: ITP: evalidate -- Validation and secure evaluation of untrusted Python expressions
(too old to reply)
Colin Watson
2024-10-16 10:10:01 UTC
Permalink
Package: wnpp
Severity: wishlist
Owner: Colin Watson <***@debian.org>
X-Debbugs-Cc: debian-***@lists.debian.org

* Package name : evalidate
Version : 2.0.3
Upstream Contact: Yaroslav Polyakov <***@gmail.com>
* URL : https://github.com/yaroslaff/evalidate
* License : MIT
Programming Lang: Python
Description : Validation and secure evaluation of untrusted Python expressions

Evaluate user-supplied Python expressions by walking their syntax tree
and allowing only operations that pass a given security model.

I'm packaging this because it's a new dependency of buildbot 4.1.0. I
plan to maintain it within the Debian Python Team.
--
Colin Watson (he/him) [***@debian.org]
Guillem Jover
2024-10-18 12:40:01 UTC
Permalink
Hi!
Post by Colin Watson
Package: wnpp
Severity: wishlist
* Package name : evalidate
Version : 2.0.3
* URL : https://github.com/yaroslaff/evalidate
* License : MIT
Programming Lang: Python
Description : Validation and secure evaluation of untrusted Python expressions
Evaluate user-supplied Python expressions by walking their syntax tree
and allowing only operations that pass a given security model.
I'm packaging this because it's a new dependency of buildbot 4.1.0. I
plan to maintain it within the Debian Python Team.
This seems to be a python module only package, but its source package
name is not currently namespaced. Given that it has not yet passed NEW,
please namespace it with python- to avoid taking on the global namespace,
so that we do not "prevent" packaging something that for example installs
a command with the same name (or having to end up using a non-obvious one
for that, or requiring a future rename), so that it's easier to see what
it is about when doing archive-wide analysis from Sources, or dd-lists,
or even reading changelogs via stuff like apt-listchanges, like the rest
of the language specific teams are doing. :)

Thanks,
Guillem
Colin Watson
2024-10-18 17:10:01 UTC
Permalink
Post by Guillem Jover
This seems to be a python module only package, but its source package
name is not currently namespaced. Given that it has not yet passed NEW,
please namespace it with python- to avoid taking on the global namespace,
OK, done, and I asked #debian-ftp to reject the un-namespaced package
from NEW.

Thanks,
--
Colin Watson (he/him) [***@debian.org]
Loading...