Source: xca

Severity: important


The xca source package has not been updated in some time, and more
recent bugs have NOT received a reply from the maintainer on the BTS nor
any activity on the maintainer's behalf.  This is evidenced by the
following items to be used as justification:


=== BUG HANDLING === - as stated in
here, RFC 5280 is not precise about UTF8 or PRINTABLESTRING and
therefore the statement of "sorry for the noise" by the bug submitter
suggests that this is no longer an issue - this should've been closed by
maintainer, back in 2017. - my bug from
May indicating two additional packages needing added to enable Remote DB
support has received no reply from the Maintainer, though via direct
email they indicated "I will reply to your bug" and never did. - also my bug
but back in April, regardless of Debian being in freeze, the maintainer
never acknowledged this bug.  Nor has there been any movement on the
package since November of 2018 generally. from April 2018
received no responses or acknowledgement from the Maintainer.  It also
contains a patch which was never acted on to fix a
cross-build-from-source problem which resulted in an FTBFS due to
hardcoded pkg-config in from 2016 never
received a response either from the maintainer, and Maintainer was
'active' during that time.  This also includes a *patch* for the old
version with this problem and that was NEVER addressed.

=== Upstream Versions Not Uploaded in Debian ===

The last actual upload of XCA to the Debian repositories of Unstable was
done in July of 2018.  It then migrated two weeks later to Testing,
however there was later an upstream release in November of 2018 that was
never updated to.

=== Packaging Problems Unresolved ===

As shown in and, vcswatch
can't reach the 'git' repository in use by Tino.  This 404s perpetually
and suggests that Tino is not updating the packaging to reflect changes
in their Git repository functionalities.

DUCK confirms this, that Vcs-Git is bad and the repository is
nonexistent.  This has been failing since at least June.  This package
may also be a prime candidate to be included in Salsa as well.

Further, this VCS repository is NOT the proper Upstream VCS repository -
Upstream has a VCS repository on GitHub that should be used here:

The package as-is is also using an out of date Homepage entry.  XCA
upstream has indicated that is the proper
Home Page now.

=== Minimal or No Response to Inquiries ===

A couple of months ago, I reached out to the MIA team and Tino.  From my
initial inqurity on May 8, 2019, it took a *second* email that was CC'd
to the MIA team to get Tino to reply to me on May 20th, when they
promised to address the bugs I indicated.  It is now July 10th, almost 2
months later, without any acknowledgement on bugs, nor any follow-up


Given this list of problems identified in the xca source package AND the
nonresponsiveness of Tino in this matter, I would like to propose that
this package is in need of Salvaging, and would like to take over
maintainership of this package, or if Tino still desires to maintain
this package, to become co-maintainer of this package if possible. (I
have included the MIA team in the CC because I believe Tino is not
active enough to continue maintainership of this package)

Please note that downstream in a PPA I have also updated the XCA
packaging [1] and source from upstream and it works without issues, if
you need evidence that I am alive, active, and indeed can maintain the
package myself.

My keys are not yet in Debian's keyrings; therefore I would be having
any uploads I utilize sponsored initially.  If necessary, I can find a
sponsor for this.  I can also get this NMU'd and sponsored if needed,
containing the newer upstream revisions and also the proper packaging
changes to make this package 'clean' and to address some of the other

(NOTE: This email has been SIGNED with my Public PGP Key ending in
C26ADDDD and that can be obtained from the SKS Key Servers shortly as it
has just been uploaded to the keyservers, or from the Ubuntu Key Server

Thomas Ward



Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to