Cyril Brulebois <cy...@debamax.com> (2022-10-12): > New packages: > ------------- > > - golang-ariga-atlas > + required by golang-entgo-ent > - golang-entgo-ent > + required by crowdsec > + replaces golang-github-facebook-ent > - golang-github-alexliesenfeld-health > + required by crowdsec > - golang-github-c-robinson-iplib > + required by crowdsec > - golang-github-confluentinc-bincover > + required by crowdsec > - golang-github-crowdsecurity-dlog > + required by crowdsec > - golang-github-crowdsecurity-grokky > + required by crowdsec > + replaces golang-github-logrusorgru-grokky > - golang-github-crowdsecurity-machineid > + required by crowdsec > - golang-github-jszwec-csvutil > + required by crowdsec > - golang-github-r3labs-diff > + required by crowdsec > - golang-github-slack-go-slack > + required by crowdsec
All in NEW:
#1021716: ITP: golang-ariga-atlas
#1021721: ITP: golang-entgo-ent
#1021725: ITP: golang-github-alexliesenfeld-health
#1021720: ITP: golang-github-c-robinson-iplib
#1021717: ITP: golang-github-confluentinc-bincover
#1021715: ITP: golang-github-crowdsecurity-dlog
#1021718: ITP: golang-github-crowdsecurity-grokky
#1021724: ITP: golang-github-crowdsecurity-machineid
#1021719: ITP: golang-github-jszwec-csvutil
#1021722: ITP: golang-github-r3labs-diff
Uploaded to NEW, but dinstall is still running:
#1021741: ITP: golang-github-slack-go-slack
For the last one, I had failed to spot earlier work that seems to have
stalled a bit since then:
https://salsa.debian.org/go-team/packages/golang-github-slack-go-slack/-/issues/5#note_284108
I've taken the liberty to push the latest version, but I'll make sure
to credit Takuma Shibuya in a follow-up commit!
The package seems quite similar, and we encountered the same issue,
which I've filed upstream:
https://github.com/slack-go/slack/issues/1116
I'm very sorry, I only realized when creating the Salsa repository,
which failed because it existed already!
> New -vN packages:
> -----------------
>
> - golang-github-apparentlymart-go-textseg-v13
> + required by (updated) golang-github-zclconf-go-cty
> + upstream documents using the /v13 path in `go get`, go.mod, etc.
> + golang-github-apparentlymart-go-textseg-dev has a few reverse
> dependencies in main
> + a few patches were needed to support Unicode 13 / Go 1.19, so
> using a new -v13 package seems safer than trying to switch the
> existing versionless package to a new upstream release; some
> users of /v12 are actually shipping vendorized hashicorp/hcl,
> so I'm not sure we could fix anything even if we wanted to…
> (see nomad* and packer further down).
Dropped! Thanks to Shengjing Zhu's feedback, I'm sticking to the
unversioned golang-github-apparentlymart-go-textseg(-dev).
> - golang-github-hashicorp-hcl-v2
> + required by golang-ariga-atlas
> + golang-github-hashicorp-hcl-dev has 98 reverse dependencies in
> main, so keeping the existing versionless package and introducing a
> -v2 looks much safer!
> + will likely be beneficial to others, since hashicorp/hcl is
> currently stuck at 1.0.0, and hashicorp/hcl/v2 is vendorized by
> other packages…
In NEW as well:
#1021723: ITP: golang-github-hashicorp-hcl-v2
> Updated packages:
> -----------------
>
> - golang-github-gin-gonic-gin
> + required by crowdsec
> + update from 1.6.3 to 1.8.1
> + ratt is fine except:
> - crowdsec:
> + I'm working on its update, the old version doesn't count!
> - golang-gitlab-gitlab-org-labkit:
> + already RC-buggy: #1021583 (FTBFS)
> - golang-nhooyr-websocket:
> + package confusion, fixed in 1.8.7-3
>
> https://salsa.debian.org/go-team/packages/golang-nhooyr-websocket/-/commit/e00ff53
> - nomad:
> + already RC-buggy: #1000441 (FTBFS), #1021273 (many CVEs),
> #994214 (FTBFS)
> - prometheus:
> + already RC-buggy: #1020145 (FTBFS)
Final ratt check before uploading, only failures were:
- golang-gitlab-gitlab-org-labkit: #1021583
- nomad: multi-RC buggy.
Uploaded and accepted into unstable.
> - golang-github-zclconf-go-cty
> + required by golang-github-hashicorp-hcl-v2
> + update from 1.5.1 to 1.11.0
> + ratt is fine except:
> - nomad:
> + already RC-buggy: #1000441, #1021273, #994214
> + additionally, undocumented (build-)dep on
> golang-github-apparentlymart-go-textseg, which is going to be
> exposed by golang-github-zclconf-go-cty moving to the -v13
> package: #1021650
> - nomad-driver-podman:
> + RC-buggy, outdated
> + additionally, undocumented (build-)dep on
> golang-github-apparentlymart-go-textseg, via nomad and its
> golang-github-hashicorp-nomad-dev (#1021650): #1021652
> - packer
> + undocumented (build-)dep on
> golang-github-apparentlymart-go-textseg, which is going to be
> exposed by golang-github-zclconf-go-cty moving to the -v13
> package: #1021654
> + This one can be fixed (right now) since it doesn't otherwise
> FTBFS.
Since packer was fixed by Shengjing Zhu, the only failures are:
- nomad
- nomad-driver-podman
Uploaded and accepted into unstable.
Since we're sticking to the unversioned go-textseg package in go-cty,
we're still pulling the right package indirectly, but it would make
sense to fix the missing (build-)dependency anyway; and to switch the
import path from /v12 to /v13. I might do that but since those packages
are in a rather bad shape already, I might skip that entirely; I'll
update the bug reports (#1021650, #1021652) regarding what actually
happened on the go-textseg front (no new package).
> In summary, updating those two packages would break a little more
> existing packages that are already RC-buggy; and that “extra breakage”
> would only be about exposing existing issues (hidden by accident) for
> which trivial patches aren't sufficient due to other, more important
> issues. The following bug reports would get a severity bump from
> important to serious after golang-github-zclconf-go-cty is uploaded:
> #1021650 (nomad), #1021652 (nomad-driver-podman), #1021654 (packer);
> even if I'm about to fix the last one in advance.
Of course: please let me know if you spot any problems with all those
new repositories and all those uploads!
Cheers,
--
Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/
signature.asc
Description: PGP signature
