Cyril Brulebois <cy...@debamax.com> (2022-10-12): > New packages: > ------------- > > - golang-ariga-atlas > + required by golang-entgo-ent > - golang-entgo-ent > + required by crowdsec > + replaces golang-github-facebook-ent > - golang-github-alexliesenfeld-health > + required by crowdsec > - golang-github-c-robinson-iplib > + required by crowdsec > - golang-github-confluentinc-bincover > + required by crowdsec > - golang-github-crowdsecurity-dlog > + required by crowdsec > - golang-github-crowdsecurity-grokky > + required by crowdsec > + replaces golang-github-logrusorgru-grokky > - golang-github-crowdsecurity-machineid > + required by crowdsec > - golang-github-jszwec-csvutil > + required by crowdsec > - golang-github-r3labs-diff > + required by crowdsec > - golang-github-slack-go-slack > + required by crowdsec
All in NEW: #1021716: ITP: golang-ariga-atlas #1021721: ITP: golang-entgo-ent #1021725: ITP: golang-github-alexliesenfeld-health #1021720: ITP: golang-github-c-robinson-iplib #1021717: ITP: golang-github-confluentinc-bincover #1021715: ITP: golang-github-crowdsecurity-dlog #1021718: ITP: golang-github-crowdsecurity-grokky #1021724: ITP: golang-github-crowdsecurity-machineid #1021719: ITP: golang-github-jszwec-csvutil #1021722: ITP: golang-github-r3labs-diff Uploaded to NEW, but dinstall is still running: #1021741: ITP: golang-github-slack-go-slack For the last one, I had failed to spot earlier work that seems to have stalled a bit since then: https://salsa.debian.org/go-team/packages/golang-github-slack-go-slack/-/issues/5#note_284108 I've taken the liberty to push the latest version, but I'll make sure to credit Takuma Shibuya in a follow-up commit! The package seems quite similar, and we encountered the same issue, which I've filed upstream: https://github.com/slack-go/slack/issues/1116 I'm very sorry, I only realized when creating the Salsa repository, which failed because it existed already! > New -vN packages: > ----------------- > > - golang-github-apparentlymart-go-textseg-v13 > + required by (updated) golang-github-zclconf-go-cty > + upstream documents using the /v13 path in `go get`, go.mod, etc. > + golang-github-apparentlymart-go-textseg-dev has a few reverse > dependencies in main > + a few patches were needed to support Unicode 13 / Go 1.19, so > using a new -v13 package seems safer than trying to switch the > existing versionless package to a new upstream release; some > users of /v12 are actually shipping vendorized hashicorp/hcl, > so I'm not sure we could fix anything even if we wanted to… > (see nomad* and packer further down). Dropped! Thanks to Shengjing Zhu's feedback, I'm sticking to the unversioned golang-github-apparentlymart-go-textseg(-dev). > - golang-github-hashicorp-hcl-v2 > + required by golang-ariga-atlas > + golang-github-hashicorp-hcl-dev has 98 reverse dependencies in > main, so keeping the existing versionless package and introducing a > -v2 looks much safer! > + will likely be beneficial to others, since hashicorp/hcl is > currently stuck at 1.0.0, and hashicorp/hcl/v2 is vendorized by > other packages… In NEW as well: #1021723: ITP: golang-github-hashicorp-hcl-v2 > Updated packages: > ----------------- > > - golang-github-gin-gonic-gin > + required by crowdsec > + update from 1.6.3 to 1.8.1 > + ratt is fine except: > - crowdsec: > + I'm working on its update, the old version doesn't count! > - golang-gitlab-gitlab-org-labkit: > + already RC-buggy: #1021583 (FTBFS) > - golang-nhooyr-websocket: > + package confusion, fixed in 1.8.7-3 > > https://salsa.debian.org/go-team/packages/golang-nhooyr-websocket/-/commit/e00ff53 > - nomad: > + already RC-buggy: #1000441 (FTBFS), #1021273 (many CVEs), > #994214 (FTBFS) > - prometheus: > + already RC-buggy: #1020145 (FTBFS) Final ratt check before uploading, only failures were: - golang-gitlab-gitlab-org-labkit: #1021583 - nomad: multi-RC buggy. Uploaded and accepted into unstable. > - golang-github-zclconf-go-cty > + required by golang-github-hashicorp-hcl-v2 > + update from 1.5.1 to 1.11.0 > + ratt is fine except: > - nomad: > + already RC-buggy: #1000441, #1021273, #994214 > + additionally, undocumented (build-)dep on > golang-github-apparentlymart-go-textseg, which is going to be > exposed by golang-github-zclconf-go-cty moving to the -v13 > package: #1021650 > - nomad-driver-podman: > + RC-buggy, outdated > + additionally, undocumented (build-)dep on > golang-github-apparentlymart-go-textseg, via nomad and its > golang-github-hashicorp-nomad-dev (#1021650): #1021652 > - packer > + undocumented (build-)dep on > golang-github-apparentlymart-go-textseg, which is going to be > exposed by golang-github-zclconf-go-cty moving to the -v13 > package: #1021654 > + This one can be fixed (right now) since it doesn't otherwise > FTBFS. Since packer was fixed by Shengjing Zhu, the only failures are: - nomad - nomad-driver-podman Uploaded and accepted into unstable. Since we're sticking to the unversioned go-textseg package in go-cty, we're still pulling the right package indirectly, but it would make sense to fix the missing (build-)dependency anyway; and to switch the import path from /v12 to /v13. I might do that but since those packages are in a rather bad shape already, I might skip that entirely; I'll update the bug reports (#1021650, #1021652) regarding what actually happened on the go-textseg front (no new package). > In summary, updating those two packages would break a little more > existing packages that are already RC-buggy; and that “extra breakage” > would only be about exposing existing issues (hidden by accident) for > which trivial patches aren't sufficient due to other, more important > issues. The following bug reports would get a severity bump from > important to serious after golang-github-zclconf-go-cty is uploaded: > #1021650 (nomad), #1021652 (nomad-driver-podman), #1021654 (packer); > even if I'm about to fix the last one in advance. Of course: please let me know if you spot any problems with all those new repositories and all those uploads! Cheers, -- Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/
signature.asc
Description: PGP signature