Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: transition
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear release team, I'd like to transition tinyobjloader for its new soname. Technically, this is a simple transition, the reverse dependencies build fine. However, the transition is unusual as it is not an official release, so allow me to explain my reasons. The initial upload was with 2.0.0~rc5 around April 2020, because it was required by Open3D at that time. Upstream assured me that a final 2.0 release would be happening in early 2021. Some development occurred (which broke ABI backwards compatibility) and some bugs were fixed, among them CVE-2020-28589; however, the final release never materialized. Now, almost two years later, I find myself with an "in-between" ABI version that is no longer .so.1 but likely not .so.2 yet (the TODO still includes some "API polishing"). It is impossible to predict when upstream will find the time to finish the 2.0 release, and I would like to have the bugfixes in Debian at some point. Given that this is only a minor package with few reverse depends, I felt it was fine to have this "in-between" transition now and the proper one with .so.2 whenever the final release happens. Let me know what you think. Cheers Timo PS. https://release.debian.org/transitions/html/auto-tinyobjloader.html looks good -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmJAnnYACgkQ+C8H+466 LVk67AwAo6qohyBPGDq36lxSFbEW/E6qZHNWBr239hVMGNT63DzhvRqRO4KOdt9C xoQYSRrFXP5oQRKXh6EosmHK/uHxVNAH1IG8xyWpe7pdD6QvzKhnVGpZiKQviGEe iixw92dqWx0R72fuBUzojqeAT1v680t+upshDYm0SlrJWZGym5emJUBs+6LRcx5o F6l9z3teuIacHeUyt/L1J9aoWHS9GKmFyoIgZMYWFMC+D0t03osvUuikDawc3v6P JGrDpDU9pDpLIPUwcT9R/YP8vYq12PfTJnKgWDjCCk5vOADdYbOCgpbu7GkqZFcQ eQBpS45aULq539W+oKpuaeMtXPMkZvFkBExdlvnVmyQ5fX4V16wRyrTci7C+vrwA VXG4TaUF2MBmO6pNnbjCASzblz7A2IJiEdMWeXjej7XA5ZZZ7bGjJe8WcTHpXG9n yRmP7AjJvEtID6oQbTRkJeqpz8sVxyfvqLYMjqECA/pzyX2lCtXOI/Qv16g6wHyk pWesoHlP =rcmR -----END PGP SIGNATURE-----