The library behavior has been modified. Methods take different arguments and produce different output.
The author has no desire to upstream his changes. He feels that just making his changes and bundling it is ok. Additionally, upstream is trying to move away from this library to their own custom one (which this one really is with all the changes anyhow).
Changes are dramatic enough that if they were applied to the pyPdf package in Fedora it would break all other users of it.
No other packages consume this version of pyPdf that I know of, nor are they useful for any other packages I know of.
Upstream is only making minimal changes that I can see to the library, but then, the proper upstream for the library hasn't updated in 2 years or so.
Upstream doesn't care about bundling, and indeed doesn't really want or care for distros to ship their package.
I don't think there's any security risks here, but hard to tell.
There is a plan upstream to someday re-write the library for completely their own internal use from the ground up, but it's not been a priority.
All of: debian, ubuntu, arch bundle this copy in their calibre versions.
Happy to provide more info or comments.
Bundling exception approved (+1:6, 0:0, -1:2)
Be sure to add:
Metadata Update from @spot:
- Issue assigned to spot
to comment on this ticket.