This repository was archived by the owner on Apr 26, 2024. It is now read-only.

Installing as a module from PyPI leaves installations vulnerable to bugs in dependencies #13315

@richvdh


One of our recommended installation methods suggests installing Synapse as a module from PyPI.

This works fine, but if one of our downstream dependencies has a bug (such as a security vulnerability) then it is difficult for administrators to know they need to update their installation. This in turn leads us to have to increase our minimum dependency versions (see #13172 for example), which makes things difficult for downstream packagers.
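The visibility gap described in this issue can be narrowed from inside the virtualenv. The following is an added example, not code from the Synapse project: it walks the installed dependency closure of a distribution and flags anything below an administrator-supplied minimum. The distribution name `matrix-synapse`, the `MINIMUMS` table and all helper names are assumptions, and version comparison is simplified to the numeric release segment.

```python
import re
from importlib import metadata

def project_name(req):
    """Leading project name of a Requires-Dist entry, normalised (PEP 503)."""
    raw = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req).group(1)
    return re.sub(r"[-_.]+", "-", raw).lower()

def release_key(version):
    """Simplification: compare only the leading dotted numeric release."""
    digits = re.match(r"\d+(?:\.\d+)*", version).group(0)
    return tuple(int(part) for part in digits.split("."))

def dependency_closure(root, requires=metadata.requires, version=metadata.version):
    """Map every installed distribution reachable from `root` to its version."""
    seen, todo = {}, [project_name(root)]
    while todo:
        name = todo.pop()
        if name in seen:
            continue
        try:
            seen[name] = version(name)
        except metadata.PackageNotFoundError:
            continue  # marker-excluded or otherwise absent dependency
        for req in requires(name) or []:
            if "extra ==" in req:
                continue  # optional extras are not part of the base install
            todo.append(project_name(req))
    return seen

def below_minimum(installed, minimums):
    """Names whose installed release is older than the required minimum."""
    return sorted(
        name for name, ver in installed.items()
        if name in minimums and release_key(ver) < release_key(minimums[name])
    )

if __name__ == "__main__":
    # Constructed placeholder table, not real advisory data.
    MINIMUMS = {"example-lib": "1.2.3"}
    installed = dependency_closure("matrix-synapse")
    if not installed:
        print("matrix-synapse is not installed in this environment")
    for name, ver in sorted(installed.items()):
        print(f"{name}=={ver}")
    for name in below_minimum(installed, MINIMUMS):
        print(f"UPDATE NEEDED: {name} {installed[name]} < {MINIMUMS[name]}")
```

Run it with the interpreter of the virtualenv that hosts Synapse, so that it inspects that environment's packages.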


Labels: A-Packaging (Our Debian packages, docker images; or issues relevant to downstream packagers), T-Other (Questions, user support, anything else.)
