Reinhard Tartler <siret...@gmail.com> writes: > On Mon, Mar 17, 2025 at 6:42 PM Simon Josefsson <si...@josefsson.org> wrote: > >> All, >> >> We now have the maintained fork in Debian: >> >> https://tracker.debian.org/pkg/golang-github-smallstep-pkcs7 >> >> I think all packages below could be migrate to it. Upstream seems >> supportive to make that happen. >> >> But I'm not sure it is a good idea to start on this now... we are >> getting closer to the release. Thoughts? I worry that if we are not >> able to make all uses go away, then we are almost worse off than before. >> So maybe we should just fix the RC bugs in those two unmaintained >> packages. >> > > I personally agree that we should proceed, but it does technically fall > into the category "transition freeze" cf. > https://release.debian.org/testing/freeze_policy.html#transition. However, > I think we should ask the release team for their opinion. To make it easier > for them, we should provide them with background and the maintenance status > of the libraries. > > Did you check whether the API has changed? Your idea to provide (by > building a transitional package with the old name -- I don't think using > the "Provides" package relationship would do in this case) the old package > name can be useful to check whether introducing the fork would require code > changes in downstream packages. If we can demonstrate that this switch is > not causing build issues, that would instill confidence in this > transition.
Yes let's try to see if packages build with golang-github-smallstep-pkcs7 before bothering the release team. If they all build and pass self-tests on Salsa, I think we are in fairly good shape and maybe could upload to experimental and ask the release team to take a look. I don't think anyone has really touched the API for a long time, including the maintained fork which just clean up some minor things. I think this is the list of source packages that need to be rebuilt: https://tracker.debian.org/pkg/gitlab-ci-multi-runner https://tracker.debian.org/pkg/golang-github-containers-image https://tracker.debian.org/pkg/golang-github-containers-ocicrypt https://tracker.debian.org/pkg/golang-github-digitorus-timestamp https://tracker.debian.org/pkg/golang-github-foxboron-go-uefi https://tracker.debian.org/pkg/golang-github-micromdm-scep https://tracker.debian.org/pkg/golang-github-sigstore-timestamp-authority https://tracker.debian.org/pkg/golang-github-smallstep-certificates https://tracker.debian.org/pkg/podman https://tracker.debian.org/pkg/sigstore-go I see that golang-github-smallstep-certificates upstream already has changed and uses golang-github-smallstep-pkcs7, and maybe this is true for the some other too. Some of these may even be incorrect, there is nothing in 'sigstore-go' that uses golang-github-digitorus-pkcs7-dev, so I think it could just be removed. /Simon > > > -rt > > >> >> The code between these three packages is similar though, so migration >> could be simple. >> >> The new golang-github-smallstep-pkcs7 package could do something to make >> it easier to migrate to it, but right now you need to rebuild all >> packages below with a patch that changes the Build-Depends in >> debian/control and also a patch to change the import namespace in code >> using it. >> >> We could start asking upstreams of the packages below to consider >> migrate to golang-github-smallstep-pkcs7 as well. If there is pushback >> (rather than silence/ignorance) we may learn something. >> >> /Simon >> >> jas@kaka:~/dpkg$ ssh mirror.ftp-master.debian.org "dak rm -Rn -b >> golang-github-fullsailor-pkcs7-dev golang-github-digitorus-pkcs7-dev" >> Will remove the following packages from unstable: >> >> golang-github-digitorus-pkcs7-dev | 0.0~git20230818.3a137a8-2 | all >> golang-github-fullsailor-pkcs7-dev | 0.0~git20210826.33d0574-3 | all >> >> Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org> >> >> ------------------- Reason ------------------- >> >> ---------------------------------------------- >> >> Checking reverse dependencies... >> # Broken Depends: >> golang-github-containers-ocicrypt: golang-github-containers-ocicrypt-dev >> golang-github-digitorus-timestamp: golang-github-digitorus-timestamp-dev >> golang-github-micromdm-scep: golang-github-micromdm-scep-dev >> golang-github-sigstore-timestamp-authority: >> golang-github-sigstore-timestamp-authority-dev >> golang-github-smallstep-certificates: >> golang-github-smallstep-certificates-dev >> sigstore-go: golang-github-sigstore-sigstore-go-dev >> >> # Broken Build-Depends: >> gitlab-ci-multi-runner: golang-github-fullsailor-pkcs7-dev >> golang-github-containers-image: golang-github-fullsailor-pkcs7-dev >> golang-github-containers-ocicrypt: golang-github-fullsailor-pkcs7-dev >> golang-github-digitorus-timestamp: golang-github-digitorus-pkcs7-dev >> golang-github-foxboron-go-uefi: golang-github-fullsailor-pkcs7-dev >> golang-github-micromdm-scep: golang-github-fullsailor-pkcs7-dev >> (0.0~git20210826.33d0574~ >=) >> golang-github-sigstore-timestamp-authority: >> golang-github-digitorus-pkcs7-dev >> golang-github-smallstep-certificates: golang-github-fullsailor-pkcs7-dev >> podman: golang-github-fullsailor-pkcs7-dev >> >> Dependency problem found. >> >> jas@kaka:~/dpkg$ >>
signature.asc
Description: PGP signature
