mailman needs more work:
Hi @FedoraInfra,
On August 8th, 2020 at 01:51 (UTC) your application (Fedora Mailman) used an access token (with the User-Agent python-requests/2.9.1) as part of a query parameter to access an endpoint through the GitHub API:
https://api.github.com/user
Please use the Authorization HTTP header instead as using the access_token query parameter is deprecated.
access_token
Depending on your API usage, we'll be sending you this email reminder on a monthly basis.
Visit https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param for more information about suggested workarounds and removal dates.
Thanks, The GitHub Team
yeah, we had the issue too, that requires a new version of django socialauth, and i think it wasn't released last time I looked. @duck , any news ?
Metadata Update from @smooge: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: groomed, lists, medium-gain, medium-trouble
We have close the previous ticket about that https://pagure.io/fedora-infrastructure/issue/8629 and referred to https://pagure.io/fedora-infrastructure/issue/8455
Don't know if we want to do the same again :P
The fix was done: https://github.com/pennersr/django-allauth/pull/2458 It is available in 0.42.
Now 0.41 drops Python 2 support so that's not gonna work with the current packages. Either we backport this patch in the allauth package we currently use (0.34, but we may probably be able to bump up to ~0.40) or even better we are fast enough to package all the things for EL8 and migrate all instances before the deadline (that's #8455).
I think that given the patch seems quite small, and this part didn't changed a lot since introduction, a backport seems faster. Upgrading everything on EL8 with a deadline seems like a source of tress that could be be avoided, IMHO.
@misc I did not look at the patch yet, thanks. Agreed.
@smooge could you confirm the version of python-django-allauth you're using? We still use a rebuild of 0.34.0-1 that was prepared by abompard. This is to be sure we target the necessary versions for the patch.
We are looking to move our stack to Fedora 33 for mailman3 and remove various forms of secondary auth. I think we can close this.
Metadata Update from @smooge: - Issue close_status updated to: Will Not/Can Not fix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.