Hi Aron, On 14-07-2024 07:37, Paul Gevers wrote:
On 28-06-2024 5:44 a.m., Aron Xu wrote:Would like to know if such steps would help resolve the issue better: - revert to a previous version which does not have API/ABI breakage - apply/port security patches on a best effort basis - help upstream to check and fix API/ABI changesI think all three would help, where the first one is the quickest one to get things moving again. Given the severity of the security issue mentioned in the changelog I think you could even consider ignoring item number two for now, but maybe you mean going forward.Or do you have any recommendations?There is the option to do a Debian specific SONAME bump, but if the break was not intended and might get reverted that's probably a bad idea. And if the changes are here to stay, upstream should bump SONAME themselves.
While the upstream bug about the soname breakage seems to have halted, can we please get some resolution in Debian please? The fact that libxml2 can't migrate as-is is hurting more and more (particularly the creation of a useful testing for riscv64).
If upstream is really reluctant to bump SONAME when they should, maybe you should prepare for a maintenance scheme to do that in Debian when needed. Ideally the scheme should be designed such that when upstream bumps SONAME, you can follow them again.
Paul
OpenPGP_signature.asc
Description: OpenPGP digital signature
