Hi again,
Am Sat, Aug 02, 2025 at 07:46:56AM +0200 schrieb Andreas Tille:
> Am Fri, Aug 01, 2025 at 11:01:05PM +0300 schrieb Chrysostomos Nanakos:
> > Hey Andreas,
> > just saw your email with regard the yubiserver.
>
> thanks a lot for your fast response.
>
> > I have stopped working on this implementation and using the rust
> > implementation instead. It can be found here if you are interested
> > replacing it or use it:
> >
> > https://github.com/cnanakos/yubiserver-rs
>
> Cool. This sounds very promising.
While yubiserver-rs sounds promising it means on the other hand that the
yubiserver package in Debian is orphaned. Now since bug has RC severity
it might make sense to remove this packagage from Debian and I intend to
do so after waiting one month.
> > I would like to find some time package it and replace the existing one but
> > with no luck so far.
>
> I admit I would like to support your packaging attempt but I can't
> promise anything since I have no experience with Rust packaging. I
> trust that someone in the team might help in case of stumbling stones.
>
> Could you be more verbose about "no luck so far"?
>
> When checking the repository I noticed there are no release tags. I
> would recommend adding such tags to let the world (not only the Debian
> packagers) know, what commit might be of release quality (in contrast to
> development commits). In Debian we could point the watch file to these
> tags.
I have not seen any tags yet. I also need to admit I did not had packaged
any Rust package yet and can't backup your attempt with any knowledge here.
> Alternatively we could create a new package yubiserver-rs make it
> providing yubiserver and remove the original yubiserver from Debian (if
> you think there is no real use for it any more).
Mean while I think removing the current package from Debian seems like a
sensible way to go to not attract users to orphaned security software.
Kind regards
Andreas.
--
https://fam-tille.de
