severity 1033333 normal retitle 1033333 rust-encoding is unmaintained upstream severity 1033334 normal retitle 1033334 rust-boxfnonce is unmaintained upstream severity 1033335 normal retitle 1033335 rust-const-cstr is unmaintained upstream
(summarising several bugs)
there is https://rustsec.org/advisories/RUSTSEC-{advisory}.html which flags that rust-{crate} is unmaintained. Since there are no reverse deps in the archive, let's exclude it from bookworm (or rather remove rightaway)?
I don't know what tool you are using to check for reverse dependencies but whatever it is does not seem to take account of virtual packages correctly. (unfortunately I don't know of one that does, I personally resort to grepping the packages/sources files which works but does produce some false positives). Some other rust team members use list-rdeps.sh in the debcargo-conf repository but that only seems to take account of packages packaged through debcargo.
plugwash@coccia:~$ zcat /srv/ftp.debian.org/mirror/dists/sid/main/source/Sources.gz /srv/ftp.debian.org/mirror/dists/sid/main/binary-amd64/Packages.gz | grep -v Testsuite-Triggers | grep-dctrl rust-encoding-0.2 -spackage Package: rust-bat Package: rust-gettext Package: librust-bat-dev Package: librust-encoding-dev Package: librust-gettext-dev Package: librust-tendril+encoding-dev plugwash@coccia:~$ zcat /srv/ftp.debian.org/mirror/dists/sid/main/source/Sources.gz /srv/ftp.debian.org/mirror/dists/sid/main/binary-amd64/Packages.gz | grep -v Testsuite-Triggers | grep-dctrl rust-boxfnonce -spackage Package: rust-boxfnonce Package: rust-daemonize Package: librust-boxfnonce-dev Package: librust-daemonize-dev Package: sccache plugwash@coccia:~$ zcat /srv/ftp.debian.org/mirror/dists/sid/main/source/Sources.gz /srv/ftp.debian.org/mirror/dists/sid/main/binary-amd64/Packages.gz | grep -v Testsuite-Triggers | grep-dctrl rust-const-cstr -spackage Package: rust-const-cstr Package: rust-yeslogic-fontconfig-sys Package: librust-const-cstr-dev Package: librust-yeslogic-fontconfig-sys-dev plugwash@coccia:~$
While I agree it's good to move away from crates that are abandoned upstream, I think it's too late to do so for bookworm and I don't think any of these crates are sensitive enough to consider such maintenance issues as rc. daemonize has already moved away from boxfnonce upstream, and the latest upstream git source for sccache has moved to the new version of daemonize so this should be a fairly easy fix, but still probablly too instrusive for the current stage in the release process. I've filed upstream issies for the other two https://github.com/yeslogic/fontconfig-rs/issues/35 https://github.com/sharkdp/bat/issues/2512
