On 2018-12-20 Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote: [...] > On Wed 2018-12-19 11:59:46 -0500, Antoine Beaupré wrote: >> On 2018-12-18 14:34:06, Emilio Pozuelo Monfort wrote: >>> libgcrypt is a bit more worrying, even after dropping most of the noise:
>>> $ diff libgcrypt20-1.*/ | filterdiff -x '*.pc/*' -x '*/debian/*' -x >>> '*/tests/*' >>> | diffstat | tail -1 >>> 263 files changed, 51927 insertions(+), 14888 deletions(-) >> Yeah, that's my concern as well. >> Daniel, what do you think of that diff? Is that something we can >> reasonably review? How much can we expect stability in that upgrade? >> I know you stated before general principles of gpg vs lib / API >> stability, but I'd be curious to hear your thoughts on gcrypt, in this >> specific case. > I agree that an upgrade to gcrypt is the biggest risk here, and i'm not > sure how to evaluate it other than running what meager rdep test suites > we have in jessie. I don't know whether anyone who has been working on > ci.debian.net is following this discussion, but i think it points to > some really salient use cases for test infrastructure. How nice it > would be if a DD could upload a prospective package and say "please run > all test suites for reverse dependencies!" > Andreas Metzler (cc'ed here) has been a stalwart steward of gcrypt in > debian for many years, even after GnuTLS switched to nettle, and > probably has the best sense of what kind of system integration dangers > might lurk in the proposed upgrade for jessie. Perhaps he can comment > on it? [...] Hello, looking at my mail archive gcrypt updates since 1.6 (i.e. since the last soname bump) have been very painless. The only breakage in rdeps I found was #816104, going from 1.6 to 1.7. http://thread.gmane.org/gmane.comp.encryption.gpg.libgcrypt.devel/4487 cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'