On Mon, Mar 17, 2025 at 6:42 PM Simon Josefsson <[email protected]> wrote:
> All, > > We now have the maintained fork in Debian: > > https://tracker.debian.org/pkg/golang-github-smallstep-pkcs7 > > I think all packages below could be migrate to it. Upstream seems > supportive to make that happen. > > But I'm not sure it is a good idea to start on this now... we are > getting closer to the release. Thoughts? I worry that if we are not > able to make all uses go away, then we are almost worse off than before. > So maybe we should just fix the RC bugs in those two unmaintained > packages. > I personally agree that we should proceed, but it does technically fall into the category "transition freeze" cf. https://release.debian.org/testing/freeze_policy.html#transition. However, I think we should ask the release team for their opinion. To make it easier for them, we should provide them with background and the maintenance status of the libraries. Did you check whether the API has changed? Your idea to provide (by building a transitional package with the old name -- I don't think using the "Provides" package relationship would do in this case) the old package name can be useful to check whether introducing the fork would require code changes in downstream packages. If we can demonstrate that this switch is not causing build issues, that would instill confidence in this transition. -rt > > The code between these three packages is similar though, so migration > could be simple. > > The new golang-github-smallstep-pkcs7 package could do something to make > it easier to migrate to it, but right now you need to rebuild all > packages below with a patch that changes the Build-Depends in > debian/control and also a patch to change the import namespace in code > using it. > > We could start asking upstreams of the packages below to consider > migrate to golang-github-smallstep-pkcs7 as well. If there is pushback > (rather than silence/ignorance) we may learn something. > > /Simon > > jas@kaka:~/dpkg$ ssh mirror.ftp-master.debian.org "dak rm -Rn -b > golang-github-fullsailor-pkcs7-dev golang-github-digitorus-pkcs7-dev" > Will remove the following packages from unstable: > > golang-github-digitorus-pkcs7-dev | 0.0~git20230818.3a137a8-2 | all > golang-github-fullsailor-pkcs7-dev | 0.0~git20210826.33d0574-3 | all > > Maintainer: Debian Go Packaging Team <[email protected]> > > ------------------- Reason ------------------- > > ---------------------------------------------- > > Checking reverse dependencies... > # Broken Depends: > golang-github-containers-ocicrypt: golang-github-containers-ocicrypt-dev > golang-github-digitorus-timestamp: golang-github-digitorus-timestamp-dev > golang-github-micromdm-scep: golang-github-micromdm-scep-dev > golang-github-sigstore-timestamp-authority: > golang-github-sigstore-timestamp-authority-dev > golang-github-smallstep-certificates: > golang-github-smallstep-certificates-dev > sigstore-go: golang-github-sigstore-sigstore-go-dev > > # Broken Build-Depends: > gitlab-ci-multi-runner: golang-github-fullsailor-pkcs7-dev > golang-github-containers-image: golang-github-fullsailor-pkcs7-dev > golang-github-containers-ocicrypt: golang-github-fullsailor-pkcs7-dev > golang-github-digitorus-timestamp: golang-github-digitorus-pkcs7-dev > golang-github-foxboron-go-uefi: golang-github-fullsailor-pkcs7-dev > golang-github-micromdm-scep: golang-github-fullsailor-pkcs7-dev > (0.0~git20210826.33d0574~ >=) > golang-github-sigstore-timestamp-authority: > golang-github-digitorus-pkcs7-dev > golang-github-smallstep-certificates: golang-github-fullsailor-pkcs7-dev > podman: golang-github-fullsailor-pkcs7-dev > > Dependency problem found. > > jas@kaka:~/dpkg$ > -- regards, Reinhard
