Hi,

I've been using Django 4.2.2 from my personal Guix channel for a couple 
of days and it seems to work alright, so I'd like to send a patch to 
include it in Guix, although I have some questions first.

1. python-asgiref >= 3.6.0 and < 4 is a requirement for Django 4.2 LTS 
series, there is a patch for it already 
(https://issues.guix.gnu.org/61543), it builds, doesn't appear to have 
known vulnerabilities and Django 4.2.2 works with it. Would it be okay 
to add it to Guix until someone else packages the latest version (3.7.2, 
but it currently fails to build for me: sanity-check 
DistributionNotFound or something)?

2. "guix lint python-django@4.2.2" says this version of DJango might be 
vulnerable to CVE-2023-31047 but reading the CVE description version 
4.2.2 doesn't seem to be affected. Is there anything I should do 
regarding this warning?

3. Guix currently distributes versions of Django that no longer receive 
security updates or bug fixes. For example, python-django@4.0.7, 
python-django@3.1.14, python-django@2.2.28 (see 
https://www.djangoproject.com/download/). Should they be removed?

Thanks in advance,

-- 
Luis Felipe López Acevedo
https://luis-felipe.gitlab.io/