Hi If you need a sponsor for yubiserver-rs, please reach out -- it would be nice to have a replacement in Debian. Btw, I suggest to use pkg-security team rather than pkg-auth-maintainers, I'm trying to wind down the latter.
/Simon Chrysostomos Nanakos <[email protected]> writes: > Hi Andreas, > fair enough. Let’s remove it with next step being the packaging of > yubiserver-rs. > > Kind regards, > Chrysostomos. > >> On 16 Nov 2025, at 19:07, Andreas Tille <[email protected]> wrote: >> >> Hi again, >> >> Am Sat, Aug 02, 2025 at 07:46:56AM +0200 schrieb Andreas Tille: >>> Am Fri, Aug 01, 2025 at 11:01:05PM +0300 schrieb Chrysostomos Nanakos: >>>> Hey Andreas, >>>> just saw your email with regard the yubiserver. >>> >>> thanks a lot for your fast response. >>> >>>> I have stopped working on this implementation and using the rust >>>> implementation instead. It can be found here if you are interested >>>> replacing it or use it: >>>> >>>> https://github.com/cnanakos/yubiserver-rs >>> >>> Cool. This sounds very promising. >> >> While yubiserver-rs sounds promising it means on the other hand that the >> yubiserver package in Debian is orphaned. Now since bug has RC severity >> it might make sense to remove this packagage from Debian and I intend to >> do so after waiting one month. >> >>>> I would like to find some time package it and replace the existing one but >>>> with no luck so far. >>> >>> I admit I would like to support your packaging attempt but I can't >>> promise anything since I have no experience with Rust packaging. I >>> trust that someone in the team might help in case of stumbling stones. >>> >>> Could you be more verbose about "no luck so far"? >>> >>> When checking the repository I noticed there are no release tags. I >>> would recommend adding such tags to let the world (not only the Debian >>> packagers) know, what commit might be of release quality (in contrast to >>> development commits). In Debian we could point the watch file to these >>> tags. >> >> I have not seen any tags yet. I also need to admit I did not had packaged >> any Rust package yet and can't backup your attempt with any knowledge here. >> >>> Alternatively we could create a new package yubiserver-rs make it >>> providing yubiserver and remove the original yubiserver from Debian (if >>> you think there is no real use for it any more). >> >> Mean while I think removing the current package from Debian seems like a >> sensible way to go to not attract users to orphaned security software. >> >> Kind regards >> Andreas. >> >> -- >> https://fam-tille.de > >
signature.asc
Description: PGP signature
