For some time, I have been maintaining python-jose[1] since it is a
minor test dependency for python-fastapi. While the Fedora package for
python-jose is in good condition, the project has been unmaintained
upstream for some time[2][3].
I have just chosen to skip the FastAPI tests that require python-jose
and orphan the python-jose package with the expectation that it will be
retired for F41. As an unmaintained security library, I do *not*
recommend picking it up and keeping it in Fedora – although I did not
feel strongly enough to choose immediate retirement over orphaning.
One package, python-social-auth-core[4], still depends on python-jose.
However, this dependency is removed upstream in social-auth-core release
4.5.0[5], so I recommend that the maintainers of that package update
it[6] rather than keeping python-jose around.
[1]
https://src.fedoraproject.org/rpms/python-jose
[2]
https://github.com/mpdavis/python-jose/issues/332
[3]
https://github.com/mpdavis/python-jose/issues/340
[4]
https://src.fedoraproject.org/rpms/python-social-auth-core
[5]
https://github.com/python-social-auth/social-core/blob/4.5.3/CHANGELOG.md...
[6]
https://bugzilla.redhat.com/show_bug.cgi?id=2178870