Bandit

Use a more recent version of hacking

Bug #1741100 reported by Matthew Thode on 2018-01-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Bandit	Fix Committed	High	Tin Lam
	bandit (Gentoo Linux)	Fix Released	Medium	gentoo-bugs #643294

Bug Description

Using such an ancient version of hacking can cause downstream packaging issues.

https://bugs.gentoo.org/643294

Revision history for this message

In Gentoo Bugzilla #643294, mgorny (mgorny-gentoo-bugs) wrote on 2018-01-03:

This is the only package requiring old version of dev-python/hacking. Please look into the possibility of making it work with newer versions.

Revision history for this message

In Gentoo Bugzilla #643294, mgorny (mgorny-gentoo-bugs) wrote on 2018-01-03:

...which in turn requires ancient dev-python/flake8.

Bug Watch Updater (bug-watch-updater) on 2018-01-03

Changed in bandit (Gentoo Linux):
importance:	Unknown → Medium

Revision history for this message

Gage Hugo (gagehugo) wrote on 2018-01-03:

I'm a bit confused here, bandit doesn't require hacking to run, it should only be used for testing via testenv. Also Bandit follows other OpenStack projects in terms of setting limits for the requirements, and hacking seems to be in line with both keystone[0] and nova[1]. I'm not sure what the reasoning is for the current cap at below 0.14.0 but I can look into it.

[0] https://github.com/openstack/keystone/blob/master/test-requirements.txt#L5
[1] https://github.com/openstack/nova/blob/master/test-requirements.txt#L5