Hi Andreas, fair enough. Let’s remove it with next step being the packaging of yubiserver-rs.
Kind regards, Chrysostomos. > On 16 Nov 2025, at 19:07, Andreas Tille <[email protected]> wrote: > > Hi again, > > Am Sat, Aug 02, 2025 at 07:46:56AM +0200 schrieb Andreas Tille: >> Am Fri, Aug 01, 2025 at 11:01:05PM +0300 schrieb Chrysostomos Nanakos: >>> Hey Andreas, >>> just saw your email with regard the yubiserver. >> >> thanks a lot for your fast response. >> >>> I have stopped working on this implementation and using the rust >>> implementation instead. It can be found here if you are interested >>> replacing it or use it: >>> >>> https://github.com/cnanakos/yubiserver-rs >> >> Cool. This sounds very promising. > > While yubiserver-rs sounds promising it means on the other hand that the > yubiserver package in Debian is orphaned. Now since bug has RC severity > it might make sense to remove this packagage from Debian and I intend to > do so after waiting one month. > >>> I would like to find some time package it and replace the existing one but >>> with no luck so far. >> >> I admit I would like to support your packaging attempt but I can't >> promise anything since I have no experience with Rust packaging. I >> trust that someone in the team might help in case of stumbling stones. >> >> Could you be more verbose about "no luck so far"? >> >> When checking the repository I noticed there are no release tags. I >> would recommend adding such tags to let the world (not only the Debian >> packagers) know, what commit might be of release quality (in contrast to >> development commits). In Debian we could point the watch file to these >> tags. > > I have not seen any tags yet. I also need to admit I did not had packaged > any Rust package yet and can't backup your attempt with any knowledge here. > >> Alternatively we could create a new package yubiserver-rs make it >> providing yubiserver and remove the original yubiserver from Debian (if >> you think there is no real use for it any more). > > Mean while I think removing the current package from Debian seems like a > sensible way to go to not attract users to orphaned security software. > > Kind regards > Andreas. > > -- > https://fam-tille.de
