Bug#1033333: Don't include in Bookworm
Hi Peter,
On Thu, Mar 23, 2023 at 09:23:18PM +, Peter Green wrote:
> severity 103 normal
> retitle 103 rust-encoding is unmaintained upstream
> severity 104 normal
> retitle 104 rust-boxfnonce is unmaintained upstream
> severity 105 normal
> retitle 105 rust-const-cstr is unmaintained upstream
>
> (summarising several bugs)
> > there is https://rustsec.org/advisories/RUSTSEC-{advisory}.html which flags
> > that rust-{crate} is unmaintained. Since there are no reverse deps in the
> > archive, let's exclude it from bookworm (or rather remove rightaway)?
>
> I don't know what tool you are using to check for reverse dependencies but
> whatever it is does not seem to take account of virtual packages correctly.
I've been running a simulated removal using dak itself, as documented here:
https://wiki.debian.org/ftpmaster_Removals#Before_requesting_removal
Which I suppose also means that ftp.debian.org removals might leave packages
behind?
> While I agree it's good to move away from crates that are abandoned upstream,
> I think it's too late to do so for bookworm and I don't think any of these
> crates are sensitive enough to consider such maintenance issues as rc.
Sure, that's fair enough, of course. I filed those bugs under the assumption
that these
already were without rdeps.
Cheers,
Moritz
Bug#1033333: Don't include in Bookworm
severity 103 normal
retitle 103 rust-encoding is unmaintained upstream
severity 104 normal
retitle 104 rust-boxfnonce is unmaintained upstream
severity 105 normal
retitle 105 rust-const-cstr is unmaintained upstream
(summarising several bugs)
there is https://rustsec.org/advisories/RUSTSEC-{advisory}.html which flags
that rust-{crate} is unmaintained. Since there are no reverse deps in the
archive, let's exclude it from bookworm (or rather remove rightaway)?
I don't know what tool you are using to check for reverse dependencies but
whatever it is does not seem to take account of virtual packages correctly.
(unfortunately I don't know of one that does, I personally resort to
grepping the packages/sources files which works but does produce some
false positives). Some other rust team members use list-rdeps.sh in the
debcargo-conf repository but that only seems to take account of packages
packaged through debcargo.
plugwash@coccia:~$ zcat
/srv/ftp.debian.org/mirror/dists/sid/main/source/Sources.gz
/srv/ftp.debian.org/mirror/dists/sid/main/binary-amd64/Packages.gz | grep -v
Testsuite-Triggers | grep-dctrl rust-encoding-0.2 -spackage
Package: rust-bat
Package: rust-gettext
Package: librust-bat-dev
Package: librust-encoding-dev
Package: librust-gettext-dev
Package: librust-tendril+encoding-dev
plugwash@coccia:~$ zcat
/srv/ftp.debian.org/mirror/dists/sid/main/source/Sources.gz
/srv/ftp.debian.org/mirror/dists/sid/main/binary-amd64/Packages.gz | grep -v
Testsuite-Triggers | grep-dctrl rust-boxfnonce -spackage
Package: rust-boxfnonce
Package: rust-daemonize
Package: librust-boxfnonce-dev
Package: librust-daemonize-dev
Package: sccache
plugwash@coccia:~$ zcat
/srv/ftp.debian.org/mirror/dists/sid/main/source/Sources.gz
/srv/ftp.debian.org/mirror/dists/sid/main/binary-amd64/Packages.gz | grep -v
Testsuite-Triggers | grep-dctrl rust-const-cstr -spackage
Package: rust-const-cstr
Package: rust-yeslogic-fontconfig-sys
Package: librust-const-cstr-dev
Package: librust-yeslogic-fontconfig-sys-dev
plugwash@coccia:~$
While I agree it's good to move away from crates that are abandoned upstream,
I think it's too late to do so for bookworm and I don't think any of these
crates are sensitive enough to consider such maintenance issues as rc.
daemonize has already moved away from boxfnonce upstream, and the latest
upstream git source for sccache has moved to the new version of daemonize
so this should be a fairly easy fix, but still probablly too instrusive
for the current stage in the release process.
I've filed upstream issies for the other two
https://github.com/yeslogic/fontconfig-rs/issues/35
https://github.com/sharkdp/bat/issues/2512
Bug#1033333: Don't include in Bookworm
Source: rust-encoding Version: 0.2.33-1 Severity: serious Hi, there is https://rustsec.org/advisories/RUSTSEC-2021-0153.html which flags that rust-encoding is unmaintained. Since there are no reverse deps in the archive, let's exclude it from bookworm (or rather remove rightaway)? Cheers, Moritz
