Removal of dependency on python future.
I have:
- ([x] when completed)
-
searched https://gitlab.com/duplicity/duplicity/-/issues for similar issues. If you find a similar issue and the issue is still open, add a comment to the existing issue instead of opening a new one. If you find a Closed issue that seems like it is the same thing that you're experiencing, open a new issue and include a link to the original issue in the body of your new one. -
tested that this issue still occurs on the latest stable snap (install instructions: https://snapcraft.io/duplicity), please include the snap version ( snap info duplicity | grep installed
) output:installed: x.xx.xx (xx)
-
ideally, tested that this issue still occurs on the latest edge snap, if you can test without risking your data. Please include the snap version output: installed: x.xx.xx (xx)
Summary
Duplicity depends on future, which is being deprecated on Gentoo at least. Reasons cited:
Unmaintained with last release in 2019. We already patched it to work
with Python 3.9+. The upstream code is also vulnerable
to CVE-2022-40899. Above all, this library is completely redundant
to packages not supporting Python 2 anymore.
I'm not sure how future removal fits in with your priorities/etc, but I did note the recent blueprint issue which discussed moving to Python v3-only which probably would enable this.
Environment
Apples to master branch in gitlab repo.