Bug#1033333: Don't include in Bookworm
Hi Peter,

On Thu, Mar 23, 2023 at 09:23:18PM +, Peter Green wrote:
> severity 103 normal
> retitle 103 rust-encoding is unmaintained upstream
> severity 104 normal
> retitle 104 rust-boxfnonce is unmaintained upstream
> severity 105 normal
> retitle 105 rust-const-cstr is unmaintained upstream
>
> (summarising several bugs)
> > there is https://rustsec.org/advisories/RUSTSEC-{advisory}.html which flags
> > that rust-{crate} is unmaintained. Since there are no reverse deps in the
> > archive, let's exclude it from bookworm (or rather remove right away)?
>
> I don't know what tool you are using to check for reverse dependencies but
> whatever it is does not seem to take account of virtual packages correctly.

I've been running a simulated removal using dak itself, as documented here:
https://wiki.debian.org/ftpmaster_Removals#Before_requesting_removal

Which I suppose also means that ftp.debian.org removals might leave packages behind?

> While I agree it's good to move away from crates that are abandoned upstream,
> I think it's too late to do so for bookworm and I don't think any of these
> crates are sensitive enough to consider such maintenance issues as rc.

Sure, that's fair enough, of course. I filed those bugs under the assumption that
these already were without rdeps.

Cheers,
Moritz
Bug#1033333: Don't include in Bookworm
severity 103 normal
retitle 103 rust-encoding is unmaintained upstream
severity 104 normal
retitle 104 rust-boxfnonce is unmaintained upstream
severity 105 normal
retitle 105 rust-const-cstr is unmaintained upstream

(summarising several bugs)
> there is https://rustsec.org/advisories/RUSTSEC-{advisory}.html which flags
> that rust-{crate} is unmaintained. Since there are no reverse deps in the
> archive, let's exclude it from bookworm (or rather remove right away)?

I don't know what tool you are using to check for reverse dependencies but whatever it is does not seem to take account of virtual packages correctly. (Unfortunately I don't know of one that does; I personally resort to grepping the Packages/Sources files, which works but does produce some false positives.) Some other rust team members use list-rdeps.sh in the debcargo-conf repository but that only seems to take account of packages packaged through debcargo.

plugwash@coccia:~$ zcat /srv/ftp.debian.org/mirror/dists/sid/main/source/Sources.gz /srv/ftp.debian.org/mirror/dists/sid/main/binary-amd64/Packages.gz | grep -v Testsuite-Triggers | grep-dctrl rust-encoding-0.2 -spackage
Package: rust-bat
Package: rust-gettext
Package: librust-bat-dev
Package: librust-encoding-dev
Package: librust-gettext-dev
Package: librust-tendril+encoding-dev
plugwash@coccia:~$ zcat /srv/ftp.debian.org/mirror/dists/sid/main/source/Sources.gz /srv/ftp.debian.org/mirror/dists/sid/main/binary-amd64/Packages.gz | grep -v Testsuite-Triggers | grep-dctrl rust-boxfnonce -spackage
Package: rust-boxfnonce
Package: rust-daemonize
Package: librust-boxfnonce-dev
Package: librust-daemonize-dev
Package: sccache
plugwash@coccia:~$ zcat /srv/ftp.debian.org/mirror/dists/sid/main/source/Sources.gz /srv/ftp.debian.org/mirror/dists/sid/main/binary-amd64/Packages.gz | grep -v Testsuite-Triggers | grep-dctrl rust-const-cstr -spackage
Package: rust-const-cstr
Package: rust-yeslogic-fontconfig-sys
Package: librust-const-cstr-dev
Package: librust-yeslogic-fontconfig-sys-dev
plugwash@coccia:~$

While I agree it's good to move away from crates that are abandoned upstream, I think it's too late to do so for bookworm and I don't think any of these crates are sensitive enough to consider such maintenance issues as rc.

daemonize has already moved away from boxfnonce upstream, and the latest upstream git source for sccache has moved to the new version of daemonize so this should be a fairly easy fix, but still probably too intrusive for the current stage in the release process.

I've filed upstream issues for the other two:
https://github.com/yeslogic/fontconfig-rs/issues/35
https://github.com/sharkdp/bat/issues/2512
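
The virtual-package gap discussed in this thread can be checked with field-aware parsing of the Packages/Sources stanzas instead of a plain grep. This is an added example, not part of the original messages and not a Debian tool; the stanzas are constructed sample data, and parse_stanzas, names and reverse_deps are hypothetical helper names.

```python
import re

DEP_FIELDS = ("Depends", "Pre-Depends", "Recommends", "Build-Depends",
              "Build-Depends-Indep", "Build-Depends-Arch")

# Constructed stanzas in Packages/Sources layout; not real archive data.
SAMPLE = """\
Package: librust-encoding-dev
Source: rust-encoding
Provides: librust-encoding-0.2-dev (= 0.2.33-1),
 librust-encoding-0.2+default-dev (= 0.2.33-1)

Package: rust-bat
Binary: librust-bat-dev
Build-Depends: debhelper (>= 12), librust-encoding-0.2+default-dev <!nocheck>

Package: librust-bat-dev
Source: rust-bat
Depends: librust-ansi-term-0.12-dev, librust-encoding-0.2+default-dev

Package: rust-unrelated
Binary: librust-unrelated-dev
Testsuite-Triggers: librust-encoding-0.2-dev
"""

def parse_stanzas(text):
    """Parse control paragraphs into dicts, joining folded continuation lines."""
    paras = (re.sub(r"\n[ \t]+", " ", p) for p in re.split(r"\n\s*\n", text.strip()))
    stanzas = [dict(re.findall(r"^([^:\s]+):[ \t]*(.*)$", p, re.M)) for p in paras]
    return [s for s in stanzas if "Package" in s]

def names(value):
    """Package names in a relationship field, dropping versions and profiles."""
    found = (re.match(r"\s*([a-z0-9][a-z0-9+.-]*)", a) for a in re.split(r"[,|]", value))
    return {m.group(1) for m in found if m}

def reverse_deps(stanzas, source, virtual=True):
    """Map each package outside `source` to the names of `source` it depends on."""
    own = [s for s in stanzas if "Binary" not in s  # binary stanzas built from source
           and s.get("Source", s["Package"]).split()[0] == source]
    targets = {s["Package"] for s in own}
    if virtual:  # also follow the virtual names those binaries Provide
        targets |= {n for s in own for n in names(s.get("Provides", ""))}
    hits = {}
    for s in stanzas:
        found = {n for f in DEP_FIELDS for n in names(s.get(f, ""))} & targets
        if found and s not in own and s["Package"] != source:
            hits[s["Package"]] = found
    return hits
```

With virtual=False only the real binary name is followed and the sample yields no reverse dependencies; with the Provides names included, both rust-bat and librust-bat-dev are reported, while the Testsuite-Triggers-only stanza is ignored.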
Bug#1033333: Don't include in Bookworm
Source: rust-encoding
Version: 0.2.33-1
Severity: serious

Hi,

there is https://rustsec.org/advisories/RUSTSEC-2021-0153.html which flags that rust-encoding is unmaintained. Since there are no reverse deps in the archive, let's exclude it from bookworm (or rather remove right away)?

Cheers,
Moritz