Bug#1069575: FTBFS in experimental

[Jonas Smedegaard]

Control: block -1 by 1071902

Quoting Matthias Geiger (2024-05-26 11:20:09)
> I will look into updating concurrent-queue to 2.5.0 then.

Please also see https://bugs.debian.org/1071902

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1071902: rust-event-listener: event-listener v5 is considered buggy

[Jonas Smedegaard]

Source: rust-event-listener
Version: 2.5.3-4
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

rust-event-listener v5 is considered buggy upstream, and therefore
unsuitable for a stable Debian release.

Please do *not* release this to Debian unstable, as it will cause at
least anything depending on async-lock to be impossible to resolve its
dependency chain.

https://github.com/smol-rs/async-lock/issues/81

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmZSOQAACgkQLHwxRsGg
ASHLRg/9GYKK/Ef2K9e3D/ARSiUVyMY08zIrWer4zlQ+y2jBTJzXxfJu/AIAmx+p
fDbwOiVheuQ+OcTphy2gepYAaIUmyTVM7Y9LPgMqwDQ84wYTCUvR8Fd/UvZ32G93
Qtz/fYP37Xy9Cl0dNxEaun/6wysUkYAWrD/e+1zQsAwVrTqgGr4Ayx0XShP4IRG/
27FQ2NLGs23sRZYQ7C45uJOdZiQHXXTpntN5LyWflHcbQwamB98yqF/9Ncs3EGJp
1JjJGpy2MkAjY9ic5Cqh5mmOyUjCCOnf7k4XIgUh6jhr6ler8Iv+KQ/1LNgQq8GV
mVSrrBY6UaaNqJfGywYzpt/EZqi0qnZl5MhmCJeyWdWgFINk5z6njiTnsQF0bH5o
V1/SxvKvxYkzyCsF5wqNUDJvUjNwzd4BDZWJuBnTHqYEZ+szm8aEpEenuG4ouLpu
NDCj+CbG/b2/dV8Pzy+igUBuQH1BXyf4q9ghQ/qgRiGPbjoRHEgiFLLranRfx8yu
vFCkqcnTf5vboXMwTbH5WFxd2goFRorVmrS6aq3pj2sz3FWalqr/i/b+w/znfA7n
yGSm5+C6HmL7JPLuMzFEVjP/ICUgwzdCFKADKIaiE3SbKuOoQIXz5Ck4b13q7Zv9
Xvbh+BsA+zBqAdmBCcn1OXZJOSV8Ho13mxR2x3jxozBKvI0XyAQ=
=LybZ
-END PGP SIGNATURE-

Bug#1069575: FTBFS in experimental

[Jonas Smedegaard]

Control: block -1 by 1071900 

Quoting Jonas Smedegaard (2024-05-25 20:13:12)
> Ahh, you are talking about *async-channel* v2.3.0. Please consider in
> future to mention crate name, both in email subject and in content, to
> help disambiguate.
> 
> I'll have a go at updating async-channel, and tighten dependency on that
> from async-process to see if that solves the FTBFS of async-process.
> 
> Thanks for nudging,

...and now I remember what held me back last I had a look at this:
async-channel v2.3.0 is broken. Bugfix released with v2.3.1 was to
tighten dependency on concurrent-queue, to a version newer than what is
in Debian.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1069575: FTBFS in experimental

[Jonas Smedegaard]

Quoting Matthias Geiger (2024-05-25 17:29:45)
> On Wed, 15 May 2024 22:18:38 +0200 Matthias Geiger 
>  wrote:
>  > On Mon, 22 Apr 2024 19:45:07 +0200 Matthias Geiger
>  >  wrote:
>  > > On Sat, 20 Apr 2024 20:36:11 +0200 Matthias Geiger
>  > >  wrote:
>  > > > Source: rust-async-process
>  > > > Version: 1.7.0-4
>  > > > Severity: important
>  > > > Tags: ftbfs
>  > > > X-Debbugs-Cc: jbi...@debian.org, werdah...@riseup.net
>  > > >
>  > > >
>  > > > I didn't have time to investigate this yet. I'd appreciate it if you
>  > > > coud take a look at this as it is blocking the
>  > > > event-listener-transition.
>  > >
>  > > >
>  > >
>  > > 2.2.1 (the latest upstream release) should fix this. Please consider
>  > > uploading this version so we can proceed with the event-listener
>  > transition.
>  > >
>  >
>  > 2.3 depends on event-listener-strategy 0.5; this release should fix
>  > this. I will create a debdiff later and send it over.
> 
> 
> Hi Jonas,
> 
> is there anything blocking this ? Having 2.3  in exp would resolve the 
> FTBFS and pave the way to switch to event-listener 5 (and zbus 4.0 later 
> on).

I am not quite sure what you are suggesting here.

You write about "2.3", but "2.3" of what?

As far as I am aware, the newest release of crate "async-process" is
v2.1.1.

[some time later]

Ahh, you are talking about *async-channel* v2.3.0. Please consider in
future to mention crate name, both in email subject and in content, to
help disambiguate.

I'll have a go at updating async-channel, and tighten dependency on that
from async-process to see if that solves the FTBFS of async-process.

Thanks for nudging,


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1069790: librust-err-derive-dev: impossible to install

[Jonas Smedegaard]

Package: librust-err-derive-dev
Version: 0.3.1-1+b1
Followup-For: Bug #1069790

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

This issue is not yet solved. Not sure why it was flagged as done, without 
further information - it is not yet done.

If you need more details, then please elaborate which details is needed.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmZHsSwACgkQLHwxRsGg
ASHJURAAmJ1OCH2gxOBMawEvVlxeVK6vKkO7T6tRqkCyfuR69Wh/4+IaXeygNIn4
xZsF4LQ7j7ffE7NQzt0TP5nIjBLHENbI3iL07e1QWKiW/xsAjKQKQW95zd5TiKHp
uAC55AwtAGJ9MXAW+yTO9X2vtwu3AFr4cXQnofSAC8MU9CyrjD3HnFDbQQr8XJ3K
RvlqcLqPDEfYd+G0cyaMuRYZyDesxPZzgFcC054eZemt9XZ4kOOJ5+vLNO4RRsFO
dqE4XEmMvEPh1UzJPrIMRIGfRazQ4ZrdaSjxfnyfkGRJ1JMPq5UgjHw3E15B4WIB
tQfl2XFXD+zb6Ek4y7cuZRoP5e3U4MEU4YXEVc1GzcFi9hrnds3vGEKLbwOmVIMu
t+oTcDE04egtIU8Ex1ahd3U5/dTVwQM6h3gWZUyGzOZCgP6fLvOnc9DxtaUjddWj
7RyQ0sF+WppnDCVPqt08bCcW4j8ge6xfSgVmEyOkTt8lCklQIM/h825AlTDKG17B
/Iso0luKrm8bDzlgvGdl+hidL7onPMw6M/fmQUW2UjX1f+Y701/6jy2l9LzGWJII
YlITW/tgylgve4bQLiodqx5RTor0Krnj2kDnSpKLDl8VL099Ax/0xEKPwEwTRhmL
7REMrzHAh0xUUk6jnV4f+MDT6OdwNitTB5mQncZDyMAQO8+XMto=
=H8Zf
-END PGP SIGNATURE-

Bug#1071270: librust-hashbrown-dev: fails to build: method `resize_inner` not found for this struct

[Jonas Smedegaard]

Package: librust-hashbrown-dev
Version: 0.14.5-2
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Fails to build (as part of compiling sccache), like this:

   Compiling hashbrown v0.14.5
error[E0599]: no method named `resize_inner` found for struct `RawTableInner` 
in the current scope
--> 
/build/sccache-0.8.0/debian/cargo_registry/hashbrown-0.14.5/src/raw/mod.rs:1285:20
 |
795  | struct RawTableInner {
 |  method `resize_inner` not found for this struct
...
1285 | self.table.resize_inner(
 | --- help: there is a method with a similar 
name: `find_inner`

error[E0599]: no method named `resize_inner` found for mutable reference ` 
RawTableInner` in the current scope
--> 
/build/sccache-0.8.0/debian/cargo_registry/hashbrown-0.14.5/src/raw/mod.rs:2950:18
 |
2950 | self.resize_inner(
 | - help: there is a method with a similar 
name: `find_inner`


 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmZHWIYACgkQLHwxRsGg
ASEa/Q/8CDxJ8ILMs7EaYwkrmYqbjuVerRM704SUMnyJ/qzY7xFx1EaNEbQbjreg
feFa7bNBpEVCB2LlNSRt5zI4kJc8zAEvDFTDExHN8yHAY5Ml9sQhNxFe/p9IChlx
4nUvYYVOaccCfJUwE1Xv1iuDXhC/ukKpNpwkiRE0YB/PqyM1VFPseU6TLZHHcpj5
D/JBgz2Tgo/fYDCvkuqG5DtBwBh2F9+XcEnMLZS5Kp1qKzvxRdY0aA/wags2hAOT
6n07ehPvXIx9wBX7QHrzOm6DZC8R158hactb9VwqHE9Tesbqo1sSPEiRcUYgJxqu
HtJ2cl9d8ln0pfOVbIcweDP7ZoFbTg29KKd6lU82o8f7iTLdYIjhve2i/Z0lAjF2
w+nM4ToSQtFV7A3U5hHpXnEWXGOEmda4aOFTh3RcnND94aYUyv1Ct9jgsZ8ffOl8
th28vJQw4sXAE6nOkqUtCarHVKLnjrNXGecCvzT5twH8gk2kGaPZmKNinzm0Ye7k
owqXLCYkbmt5t5DX+oiKzFQ2bnd/yYsKOvBABK8NnjyHF+u6A42rGfIWOMGKWA6S
J5PPpkmLOHJJce3JBv0F2M9R+ws0vDCB2LtaIzwwc8jdJgt2y/5HBPFlgGz0xi2h
gL0D45aKP+gbIvU3Q8HETzfOdcuy3FG5hFcc7Hiz/zJI+NoY4Iw=
=9pN9
-END PGP SIGNATURE-

Bug#1070352: rust-err-derive: fails to build from source on all architectures

[Jonas Smedegaard]

Source: rust-err-derive
Version: 0.3.1-1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The package fails to build from source om all architectures.

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmY1+IIACgkQLHwxRsGg
ASFEXQ/9ECTK/4Ztwvkm0XTX458Afj5nMERIk5LhOrZAoJK+uYVcTXBNPMjhlyhC
u4gk3/Gc/f+noel7Af26vpzawPaTbKSXHhcKAydjTDdTPgXNwhrgfWiqsOfOktoA
Vy6+l29wjcqwLqbDIvHCGc4wdMEsctB/w6+8zhYNkuzjXOFdY3sREl+SFfEzXql3
O8sMJHjBlisWtbqHftHVgLuk7nOmP56cNJB9a/suQ8WpX/vCawdQPrj0x2W2jT0O
QWLWrbc5Qxe0QuDbm+SeZnYlbUTqjfguP11xXc7xwo3GhRxrkMHtcuiUAjcIz/lk
hGaec5faM6BpdNOZaE3Gp94ct1fBmHt70cRuu2khbXABdvMLHmBFjzkf3iDI7Tev
FsU1AdxTiCzlYZ/l4biPmA/vdrp2KikeTwZ56xkv4jv7WtXpux1Ey4/VAeK8/wrm
Of9ENrlvhkgZdCthVy2Nt3u1eWn6kV/+BdyfNqohGoPjvQzopuuwG4elHf/3+WJz
eXynn+NhWyhb33YU12ROH2b4SxObK9olp6+Feo/fw3XIoT8A0+OnqMqBnOYYfPVW
ncBZa5/cqg0l/2L+5yRbRbSEWbf2tw7+6x3EU3KpXe5V/D/9SXp6TaM0xVdGWSJf
tgrlxcZGdRjCDEgATgumqjifhmP/0ThfXk4nNqF6byXwgEfDIJM=
=dcqX
-END PGP SIGNATURE-

Bug#1069946: rust-webpki-roots: hardcoded root certs are unfit for stable Debian

[Jonas Smedegaard]

Source: rust-webpki-roots
Version: 0.26.1-1
Severity: grave
Tags: upstream
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The purpose of WebPKI-Roots is to hardcode a static set of PKI
certificates into compiled code.
This functionality is unfit for a Debian stable release, where the
ability to update certificates is crucial for the long lifespan of the
release.

Hence flagging this as a severe bug, to avoid this package to trickle
into testing and from there into stable.

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYs6eAACgkQLHwxRsGg
ASE72w/+MedwMxfVZceByG1b0b0NgXBqVKDy1vYa4evK7dtK8Tw/jhEIgGeOlwji
cjoPM974u+DCwhMKvaKjIOjQnokr6NL47g0uGj1aUKvNL/Gv6hHNBVXLyyN14wqS
jpl7QpLNkpSISy8TPEwR8dVtQYaRoxWneIRdYMM+SAh5h+MMWlesXQ964G37ZQPH
iOC1RmQs/WGLgPf3pR+rFOz0IgKBMyX5DIUj/KLffLpI3Va4F5BsJib54E3JbQKc
4SLu5iTEJPROp+DTR5YZg3nyF0//qdzWCejRVOu0RxNxXy4GtN0g/aXQzR4zJpY9
5LrExmr7gEb/Gwi5K21P1RMVUSUISg19z5rhcOTciJ4FBI2DY/72F6/lWwaXIrDe
eui0KsOkUmqiexgj2qT8g6hD+LWkfl7mc2i8a/x0epkgXwMu9/2BclsQpVqhkGVt
+X/fzsBOzd6So0V7GZctfZRSbUGBY8aHx/fZ9TXFv52wDEV+yt+ZdsCct0fuXOJK
KThXXZZrlLjms7DjlniInTrlfkkKFoqtlXT7NDakeAD6iNMmGseJ05D0li7mqvLZ
VXODwdevwol5+dlQxFAp6+MGhCw2/veyuySJ8Ti4V9Lcxpa8AdlebV+FIHaqMu6v
E84BT2g5qnueVmmxC0QWgijm36pv2xJm/iIcCEHVpte6pT2ri30=
=X1MJ
-END PGP SIGNATURE-

Bug#1069790: librust-err-derive-dev: impossible to install

[Jonas Smedegaard]

Package: librust-err-derive-dev
Version: 0.3.1-1+b1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Package is impossible to install: Depends on missing package
librust-synstructure-0.12+default-dev

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYpaNIACgkQLHwxRsGg
ASEESg/+POdwe0xl1jXHdABhugoBy9kUpja/kNUmFwOhT5eU+VfHjet7qRzjxqEd
SDBKQMHTFzE7d2UMK0fHKurIBcCIkjRZhfB+pA88v40ko6i9c06+S2MIYMcXHMX9
rLquG7Gz4by8N9Yh3AiOqc/ljveNfchn/pjSwkxitc2HFvv7LmL9wxxRFykZ1KvX
YaU8T+JH5kZ/eB4WOS+5bYLDG/QCrklN1tzXcT7U9OWKo1dFa9wGK/SWvpNTprb5
xptqFMhpNg/ibbz5w1RM7+qmTCsMCAGSqYr3xre2/ypbzBL/IjHI20weayMX+XgO
O5/QpZj1ISnqYHc7eRoNYDLVdpCmmsYZ4tmC2bYhmEh+u/ch6Q+i4CGRKEULACL4
uUAEX0+lhMSkMHoAK0tgL8/5CqWBAel37cav+naoHhswiVzjtfUISlTJF0qy4C7t
XQEXo3Wnwscf9UYQh3343WzQhK6Qnh4/pMMyGDHemAE78DMLiCGJH0T2Z3JKf0wY
JYTDe1G2D/M8iIBzb2WXAgTayuME3UR0OeD1vmFaU6lmcLBY1TvRzddsAcB5wvNL
jWeAQQWkDXBJDBReW4//YHaRYuUKgi/zeXA64v+4ctybFa7vYMhiHWWpf3gpjzCZ
H5NzZmRMXEWWohLwFucWYJbuWtW9A8sgJApsIZN1S+KqASukEz4=
=ZqUd
-END PGP SIGNATURE-

Bug#1069715: librust-opendal-dev: package is impossible to install

[Jonas Smedegaard]

Package: librust-opendal-dev
Version: 0.44.1-1+b1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The package is impossible to install due to numerous missing
dependencies including librust-async-backtrace-0.2+default-dev and
librust-atomic-lib-0.34+default-dev.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYnqBAACgkQLHwxRsGg
ASF41xAAohZlp8Nw70zjFGCWsSyPWc/MC7Ur3g7dKlcX5Dwf1zPgnghzBZ8Xragp
+P+9wz9KFvM5G+qbTirV6LbjFKGPe+A/3H1UGch7fSf4XkUP1kUY5cei6jOdZLjv
guA7ctdEhzx1xfmfs++rE1+FQdMs6EL4r/9mfVC7/x2Y63tpObucMqersCfLJIrC
1W0sj9+1N9RJxiIl2HSTPjafOfnzYgY0RSLbgRj4PP92gAJDZpPKpjZjLxFMOyt2
ZTrCpIDMvDGF8YAqhcz5pymvUSiW7/T2SlYNGw5ZuCwlE0lwAYXS6N5YuM1moedG
Esu/gFQzlflCw/N2dSPaZeQnlQp5FhGn+NSS0RLc37N9kqWYlUKjo6WZ47EXMl+E
ukTuSL2xXU9BWoie3VjKfaf09TWvzhLYBThIBsZW3SUmHqn688G8A83TXVDfOTIX
pNpnbICFSFBszfBEGcbyLpZA/lhJF07jKlysBejlBwlaP12UjKBjYE89u7BG8Zj6
OEyGzL/9OxNiPDoP1LEdDgQyXmcYddry8i0fa18jZo5jAdtWM1KOqbLec1woc4WC
NudRlKfEqqySv10Yadbe5RzCk7NpM3V8ZQnNV2jpzzEP7wsisHckudQ6jSNnO2ks
l9qtIoYQVndkKg9thfPhvVqEeULXC1Uy6NRsfqBatDI6RCLu5xc=
=quVH
-END PGP SIGNATURE-

Bug#1069195: librust-prost-build-dev: FTBFS

[Jonas Smedegaard]

Package: librust-prost-build-dev
Version: 0.11.9-1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Unsatisfiable build-dependency on librust-heck-0.5+default-dev

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYgJKgACgkQLHwxRsGg
ASGRAw/7B4pWiR2c4LDM2ca6emb9CAHkEAVYVDUK4KKzUQ7uvs9oSTE5ZKqRKNT5
r6tcWEp1IitiB5bt7dimQbzkIGODLFT2MdrXnZqrYglUlMBOXfNnvfevGhWuI+FI
PWDE1oEvxf2ZvTOsMkEc+ywXbfxJKjw4TeoFA+L9g979U18wmTYRB0RCz2nwVOI5
cFhueAR6+IKEPxUk6zYieyJtCddxwsYKR+7uWrktMpRA4hOFK8hyqhZ17wlJs4+y
DD00q2uiUFEK4F3vsj+wCYpbVFRPIkD1p6/rLNZgHDN/EAD5wdDUyH+V9kGGIc6P
uqPaheyLiRlRU1kydwH+mnXcW6+w9YzSnqA8X/e+7qmU76KFn1SpXpDF1rk7EBRN
ujKY+ji6M53WbmnkedF0AT6dPqkUp7+sJZpd4jyxmb+4fWlxl/MBhr5eXjaIj/rI
CFUgIsFuNaHE/GeSeXYfZZh12PXWYUDn+q9KPUIM386fnrhOPeQOIJZuXYzjiE3a
zcSjSyXnDdMtGuZRBMTdJMhmAFgic42k7y082v7SO5XovptInLP1tG5lzePCc52f
F+KPqxptX95WY/8Y6Y79cFcgJaef3Zp5Bzv3vd64ewOwdfes3oUic9a2EL8da+YR
nHuEO6+s2+6WNE8lEelgR29bYXLO78nzSxkIf9rtlgvWc+r41mc=
=V4jZ
-END PGP SIGNATURE-

Bug#1068721: Depends on nonexistant librust-parking-2+std-dev

[Jonas Smedegaard]

Quoting Matthias Geiger (2024-04-09 20:12:13)
 
> parking does not have a +std feature enabled:

Whoops, sorry about that - a silly typo.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1058552: [Pkg-javascript-devel] Bug#1058552: science.js: FTBFS: SyntaxError: Error parsing /<>/package.json: Unexpected end of JSON input

[Jonas Smedegaard]

Quoting James Valleroy (2024-04-04 16:13:07)
> On 3/28/24 4:08 AM, Petter Reinholdtsen wrote:
> > [James Valleroy 2024-02-12]
> >> Here is a patch that fixes the build:
> > 
> > Thank you.  Can you explain why changing the output from package.json to
> > mktemp and then moving the result to package.json will solve the build
> > problem?  I fail to understand how this could change anything.
> 
> The makefile receipe uses node to produce the content that will be 
> written to package.json. It seems that node is also trying to read in 
> and parse the contents of package.json. Apparently, writing the file is 
> not an atomic operation, so node is reading it before the write 
> operation has completed. So it reads some partially-written package.json 
> file, which is not yet valid JSON, and produces an error when trying to 
> parse it.
> 
> I don't know enough about node to say why it does this (reading in 
> package.json after it has started running the src/package.js script).
> 
> > Btw, did you mean TEMPFILE=$(shell mktemp) to get a random temp file
> > name?
> > 
> 
> I'm not sure. It may also work, but there is a difference in when a 
> shell command runs. Some people recommend not to use shell in a 
> makefile: https://stackoverflow.com/a/76121578

Each make target (i.e. each line indended by a tab) is executed within a
shell.  The point in the SO answer you reference is that calling the
make function $(shell ...) *inside* a make target effectively spawns a
shell within another shell, and *that* you rarely really want.

What Petter is talking about above is that "TEMPFILE=mktemp", because it
is a make target (i.e. on a TAB-indented line) is passed to a shell,
which will *not* set TEMPFILE to the output of the shell command mktemp,
but simply set TEMPFILE to the _string_ "mktemp" which is unlikely that
you want.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1064472: librust-zerocopy-dev: impossible to install: depends on gone version of librust-zeroize-derive-dev

[Jonas Smedegaard]

Package: librust-zerocopy-dev
Version: 0.6.1-1+b1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Control: affects -1 rust-ahash

As subject says, the package is impossible to install: depends on gone
version of librust-zeroize-derive-dev

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmXXnXMACgkQLHwxRsGg
ASFxoQ/+L0lbPWgl4ZPenJnpFsE7SXe2DcBEN7CLCvkJuLjSNiK87fxMOjJwdEEQ
6MgFMutcvVX78jxjotGuP/ZKFPPuKU+hO7E/vppp9YK0o2HtUsEaxwAMJisTkGyj
D6FXUVhKxh+5JMEP2GcIHnRnNcCET4jxpd3wp2TDoan8E/9P7VqYLOwdbK4JIg3J
L5U2sLZsddqWTO7MToGUMKqaPuUxBKlU4UZm+1vuNAZ2eS92yDKzGMQ1DQXevZx1
Rl7BcMt2+BTZhJ1Hs0uHKK+iZV3nnuXBnMCOZ9gAfMJH5ocBwjivpU2KwXzjKy9m
HqS4QOLbA48qU36nU8VW7xRIABoiCkXZRJEn3+DItXECGYzofH7k6U3XnIRJgyY4
9X3fGy/tZmu5VvZRVOaxvYFvqsAKFuOWQIpEkR81k8mmBfcsvOkcXiCBcg4Z5cBr
HopsSwI0/VVJXkQFZa/4R5zQ3I4Ot1hK+haE0RxV0DbPIZUxfK0HTUkYTD4c+vv+
A2YMOIH9FDwCsp+zgjFec6KeYQizBO1lQ7WCDOz5N3ppzLivdg757IZp12dQ5K7N
6PdjwIP5tFvwSj9AHRSPbEiPn4u7/dMMhOA4EeCJ56IjYkPJDimEcWqZCX2sjiCP
kRrvUDX7jG1HGV2UhWsL+Ib00NmgAkdLl+MfaUwPQ9l/oF49wp8=
=PsHr
-END PGP SIGNATURE-

Bug#1063601: tailspin: FTBFS: error[E0407]: method `backtrace` is not a member of trait `Error`

[Jonas Smedegaard]

Quoting Peter Green (2024-02-14 00:51:12)
>  >> [eyre 0.6.8] error[E0407]: method `backtrace` is not a member of trait 
> `Error`
>  >> [eyre 0.6.8]   --> 
> /<>/target/x86_64-unknown-linux-gnu/release/build/eyre-eb1eb971e427fb49/out/probe.rs:19:9
> > The above seems like a failure not in tailspin but in librust-eyre-dev.
> 
> I don't think the errors Sebastian quoted are the cause of the build failure
> at all. I think they are just noise from a test compilation performed to
> determine what the compiler supports. Those same errors are present
> in the successful build log for tailspin 2.0.0
> 
> The actual error seems to be.
> 
> > error: environment variable `CARGO_CHANNEL` not defined at compile time
> >   --> tests/utils.rs:11:48
> >|
> > 11 | PathBuf::from(format!("./target/{}/tspin", env!("CARGO_CHANNEL")))
> >|^
> >|
> >= help: Cargo sets build script variables at run time. Use 
> > `std::env::var("CARGO_CHANNEL")` instead
> >= note: this error originates in the macro `env` (in Nightly builds, run 
> > with -Z macro-backtrace for more info)

Ohhh, of course.  Sorry to have bothered you instead of checking beyond
the bugreport itself.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1063601: tailspin: FTBFS: error[E0407]: method `backtrace` is not a member of trait `Error`

[Jonas Smedegaard]

Control: reassign -1 librust-eyre-dev
Control: retitle -1 librust-eyre-dev: fails to builds its source
Control: affects -1 tailspin

Quoting Sebastian Ramacher (2024-02-09 21:04:28)
> https://buildd.debian.org/status/fetch.php?pkg=tailspin=amd64=3.0.0%2Bdfsg-1=1706195420=0
> 
>  Running 
> `/<>/target/release/build/eyre-15058028a1ebd405/build-script-build`
> [eyre 0.6.8] error[E0407]: method `backtrace` is not a member of trait `Error`
> [eyre 0.6.8]   --> 
> /<>/target/x86_64-unknown-linux-gnu/release/build/eyre-eb1eb971e427fb49/out/probe.rs:19:9
> [eyre 0.6.8]|
> [eyre 0.6.8] 19 | / fn backtrace() -> Option<> {
> [eyre 0.6.8] 20 | | let backtrace = Backtrace::capture();
> [eyre 0.6.8] 21 | | match backtrace.status() {
> [eyre 0.6.8] 22 | | BacktraceStatus::Captured | 
> BacktraceStatus::Disabled | _ => {}
> [eyre 0.6.8] 23 | | }
> [eyre 0.6.8] 24 | | unimplemented!()
> [eyre 0.6.8] 25 | | }
> [eyre 0.6.8]| |_^ not a member of trait `Error`
> [eyre 0.6.8] 
> [eyre 0.6.8] error[E0554]: `#![feature]` may not be used on the stable 
> release channel
> [eyre 0.6.8]  --> 
> /<>/target/x86_64-unknown-linux-gnu/release/build/eyre-eb1eb971e427fb49/out/probe.rs:2:16
> [eyre 0.6.8]   |
> [eyre 0.6.8] 2 | #![feature(backtrace)]
> [eyre 0.6.8]   |^
> [eyre 0.6.8] 
> [eyre 0.6.8] warning: the feature `backtrace` has been stable since 1.65.0 
> and no longer requires an attribute to enable
> [eyre 0.6.8]  --> 
> /<>/target/x86_64-unknown-linux-gnu/release/build/eyre-eb1eb971e427fb49/out/probe.rs:2:16
> [eyre 0.6.8]   |
> [eyre 0.6.8] 2 | #![feature(backtrace)]
> [eyre 0.6.8]   |^
> [eyre 0.6.8]   |
> [eyre 0.6.8]   = note: `#[warn(stable_features)]` on by default
> [eyre 0.6.8] 
> [eyre 0.6.8] error: aborting due to 2 previous errors; 1 warning emitted
> [eyre 0.6.8] 
> [eyre 0.6.8] Some errors have detailed explanations: E0407, E0554.
> [eyre 0.6.8] For more information about an error, try `rustc --explain E0407`.
> [eyre 0.6.8] cargo:rustc-cfg=track_caller

The above seems like a failure not in tailspin but in librust-eyre-dev.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1063784: rust-tower-http: fails to build its provided source

[Jonas Smedegaard]

Source: rust-tower-http
Version: 0.4.4-1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The package fails to build its provided source:

error[E0432]: unresolved import `mime::MimeIter`
   --> 
/<>/debian/cargo_registry/tower-http-0.4.4/src/validate_request.rs:118:18
|
118 | use mime::{Mime, MimeIter};
|   no `MimeIter` in the root

I notice that the package source includes a patch to relax dependency
on the crate mime >= 0.3.17, and I notice that the *only* difference
upstream between 0.3.16 and 0.3.17 apparently is the addition of
MimeIter: https://github.com/hyperium/mime/commit/2370800

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmXKWp8ACgkQLHwxRsGg
ASFRQw//Tqm9iVu0mEsfKinZHiuwybFwrEzYvOmgOtlLI+sas+DzgOo17N5bUzpU
34/YqAOHogBFhfJ61vHH3y3EoPPO8Yz0JgWad1q0Gg2tSGL4V4GAmlnvuu/MCMfy
qG64C9PBVb//rWz9RP7Xg6Zao2/d5NtAuyd8AJzMLV1SkJ0Rs4m/kTeU01b81sqQ
bBdJUSB5IZUMO4TNvBTAZdSC34SE8y1DlEyA8DeAWr/3EBoyNuhEtqFUwISsMBlA
jfT6FIAMZXWwuCynkBzkdwCBR020VDegkdrs1JxkM/t98YcFKb204zfrZSuppxvw
mHpdoZ1ihXyfpbVtHhrF4fL3Kb6u+0o0KsQGh3XUaeSlO7EsD2OzFUNfbhZYmHX5
kJ8HpHLKqexTzM6mZWE2tK4m6MKEWLTl400W6vq3IAxT92w82/5ZJp+2CFc2RtZq
mrQlkHyHSUUdbZWIbIFvK3WzjRmiOzVXZYZ1G9073eRXEp7idHIswTuo8rDP1uuP
RGN/MDt7f+QuS752Pp+zcDKGv59wNMmY/9Kq5VWwbST7EE2TZhVgwb1uTdvJpywh
8AiT4cjCVaTweVAZqIruH+dwjT+ZgVzsNrAKtUrG5vjQpOCUgW+YmsHtag9Qd6yE
/TiUyj8VWelh6PjShVyZyoLsuLHAg1u0CtZ23jOomzmdoDHC+Cc=
=fXsD
-END PGP SIGNATURE-

Bug#1061531: sugar: Stop using webkit2gtk 4.0

[Jonas Smedegaard]

Quoting Jeremy Bícha (2024-02-05 19:39:23)
> sugar 121 was just released and it switches to webkit2gtk 4.1 (and
> libsoup3). I suggest also updating sugar-toolkit-gtk3 to 121 and
> updating its webkit recommends.
> 
> And I recommend cherry-picking the latest commit to
> sugar-browse-activity upstream to fix https://bugs.debian.org/1061530

Thanks for tracking/nudging - much appreciated!

- Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1061120: rust-ahash-0.7 autopkgtest failure

[Jonas Smedegaard]

Quoting Jonas Smedegaard (2024-01-18 20:50:38)
> Quoting Peter Green (2024-01-18 19:29:59)
> > The autopkgtests for rust-ahash-0.7 are failing, this is blocking the
> > migration of rust-ahash-0.7 to testing which is in turn blocking the
> > migration of at least one rc bug fix to testing.
> > 
> > There are two issues, the first is that the autopkgtests are trying
> > to test a "runtime-rng" feature, but no such feature exists. My guess
> > is that there was some confusion between versions of ahash. I removed
> > the tests and the corresponding provides.
> > 
> > The second issue is more subtle. The "atomic-polyfill" feature
> > enables the dependency on the atomic-polyfill crate. However the
> > dependency on the atomic-polyfill crate is disabled on linux
> > (among many other targets). Disabling of a dependency on a target
> > overrides enabling the dependency in a feature. However the code
> > is not aware of this. The result is that building on Linux with
> > the atomic-polyfill feature enabled fails.
> 
> Thanks for the valuable input.
> 
> I am not convinced about the assessment related to and need for
> disabling runtime-rng, however, and it also seems that you applied not
> one but several measures for the atomic-polyfill issue - I will try do a
> more minimal fix for the atomic-polyfill issue to see if that is
> adequate.

Ahh, now I see the runtime-rng failure.  Seems to not be a confusion but
a hidden feature dynamically added to the publicly advertised ones, and
unexpected by the bench resolver to be explicitly declared.

Perhaps that's what you meant as well, or perhaps I am rambling - in any
case, I end at the same solution as you proposed.  Again, thanks a lot!

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1061120: rust-ahash-0.7 autopkgtest failure

[Jonas Smedegaard]

Quoting Peter Green (2024-01-18 19:29:59)
> The autopkgtests for rust-ahash-0.7 are failing, this is blocking the
> migration of rust-ahash-0.7 to testing which is in turn blocking the
> migration of at least one rc bug fix to testing.
> 
> There are two issues, the first is that the autopkgtests are trying
> to test a "runtime-rng" feature, but no such feature exists. My guess
> is that there was some confusion between versions of ahash. I removed
> the tests and the corresponding provides.
> 
> The second issue is more subtle. The "atomic-polyfill" feature
> enables the dependency on the atomic-polyfill crate. However the
> dependency on the atomic-polyfill crate is disabled on linux
> (among many other targets). Disabling of a dependency on a target
> overrides enabling the dependency in a feature. However the code
> is not aware of this. The result is that building on Linux with
> the atomic-polyfill feature enabled fails.

Thanks for the valuable input.

I am not convinced about the assessment related to and need for
disabling runtime-rng, however, and it also seems that you applied not
one but several measures for the atomic-polyfill issue - I will try do a
more minimal fix for the atomic-polyfill issue to see if that is
adequate.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1061102: librust-tikv-jemallocator-dev: fails to compile provided code

[Jonas Smedegaard]

Control: reassign -1 librust-tikv-jemalloc-sys-dev 
Control: retitle -1 librust-tikv-jemalloc-sys-dev: fails to compile without 
xsltproc

Quoting Jonas Smedegaard (2024-01-18 12:32:26)
> Attempts at building Rust project biome (bug#1051238) fails during build
> of the tikv-jemallocator crate

Build succeeds when adding a build-dependency on xsltproc.

This seems most appropriately declared at librust-tikv-jemalloc-sys-dev
- reassigning accordingly.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1061102: librust-tikv-jemallocator-dev: fails to compile provided code

[Jonas Smedegaard]

Package: librust-tikv-jemallocator-dev
Version: 0.5.4-1+b1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Attempts at building Rust project biome (bug#1051238) fails during build
of the tikv-jemallocator crate, like this:

 Running 
`/build/biome-1.5.2/target/release/build/tikv-jemalloc-sys-b3e7f090619a01f2/build-script-build`
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
dh-cargo:deb-built-using=jemalloc_pic=0=/build/biome-1.5.2/debian/cargo_registry/tikv-jemalloc-sys-0.5.4
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] TARGET=x86_64-unknown-linux-gnu
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] HOST=x86_64-unknown-linux-gnu
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] NUM_JOBS=2
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
OUT_DIR="/build/biome-1.5.2/target/x86_64-unknown-linux-gnu/release/build/tikv-jemalloc-sys-2de43a13417834c8/out"
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
BUILD_DIR="/build/biome-1.5.2/target/x86_64-unknown-linux-gnu/release/build/tikv-jemalloc-sys-2de43a13417834c8/out/build"
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
SRC_DIR="/usr/share/cargo/registry/tikv-jemalloc-sys-0.5.4"
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] cargo:rustc-cfg=prefixed
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
cargo:rerun-if-env-changed=JEMALLOC_OVERRIDE
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] OPT_LEVEL = Some("3")
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] TARGET = 
Some("x86_64-unknown-linux-gnu")
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] HOST = Some("x86_64-unknown-linux-gnu")
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
cargo:rerun-if-env-changed=CC_x86_64-unknown-linux-gnu
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] CC_x86_64-unknown-linux-gnu = None
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
cargo:rerun-if-env-changed=CC_x86_64_unknown_linux_gnu
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] CC_x86_64_unknown_linux_gnu = None
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] cargo:rerun-if-env-changed=HOST_CC
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] HOST_CC = None
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] cargo:rerun-if-env-changed=CC
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] CC = None
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] CRATE_CC_NO_DEFAULTS = None
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] DEBUG = Some("false")
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] CARGO_CFG_TARGET_FEATURE = 
Some("fxsr,sse,sse2")
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
cargo:rerun-if-env-changed=CFLAGS_x86_64-unknown-linux-gnu
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] CFLAGS_x86_64-unknown-linux-gnu = None
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
cargo:rerun-if-env-changed=CFLAGS_x86_64_unknown_linux_gnu
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] CFLAGS_x86_64_unknown_linux_gnu = None
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] cargo:rerun-if-env-changed=HOST_CFLAGS
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] HOST_CFLAGS = None
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] cargo:rerun-if-env-changed=CFLAGS
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] CFLAGS = Some("-g -O2 
-ffile-prefix-map=/build/biome-1.5.2=. -fstack-protector-strong 
-fstack-clash-protection -Wformat -Werror=format-security -fcf-protection")
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] CC="cc"
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] CFLAGS="-O3 -ffunction-sections 
-fdata-sections -fPIC -m64 -g -O2 -ffile-prefix-map=/build/biome-1.5.2=. 
-fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -fcf-protection"
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] JEMALLOC_REPO_DIR="jemalloc"
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
cargo:rerun-if-env-changed=JEMALLOC_SYS_WITH_MALLOC_CONF
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
cargo:rerun-if-env-changed=JEMALLOC_SYS_WITH_LG_PAGE
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
cargo:rerun-if-env-changed=JEMALLOC_SYS_WITH_LG_HUGEPAGE
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
cargo:rerun-if-env-changed=JEMALLOC_SYS_WITH_LG_QUANTUM
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] 
cargo:rerun-if-env-changed=JEMALLOC_SYS_WITH_LG_VADDR
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] --with-jemalloc-prefix=_rjem_
[tikv-jemalloc-sys 0.5.4+5.3.0-patched] running: cd 
"/build/biome-1.5.2/target/x86_64-unknown-linux-gnu/release/build/tikv-jemalloc-sys-2de43a13417834c8/out/build"
 && CC="cc" CFLAGS="-O3 -ffunction-sections -fdata-sections -fPIC -m64 -g -O2 
-ffile-prefix-map=/build/biome-1.5.2=. -fstack-protector-strong 
-fstack-clash-protection -Wformat -Werror=format-security -fcf-protection" 
CPPFLAGS="-O3 -ffunction-sections -fdata-sections -fPIC -m64 -g -O2 
-ffile-prefix-map=/build/biome-1.5.2=. -fstack-protector-strong 
-fstack-clash-protection -Wformat -Werror=format-security -fcf-protection" 
LDFLAGS="-O3 -ffunction-sections -fdata-sections -fPIC -m64 -g -O2 
-ffile-prefix-map=/build/biome-1.5.2=. -fstack-protector-strong 
-fstack-clash-protection -Wformat -Werror=format-security -fcf-protection" "sh" 

Bug#958682: [Pkg-javascript-devel] Bug#958682: node-jsonld: Remove dependency to node-request

[Jonas Smedegaard]

Quoting Jérémy Lal (2023-12-23 20:45:21)
> Le sam. 23 déc. 2023 à 20:15, Jonas Smedegaard  a écrit :
> 
> > Quoting Pirate Praveen (2023-12-22 20:53:46)
> > > On Sun, 29 Oct 2023 21:37:08 +0100 Jonas Smedegaard  wrote:
> > > > Yes, I still want to work on node-jsonld - I will make time to look at
> > > > this soon...
> > >
> > > yarnpkg 4.0.2 was recently uploaded to unstable, so this and
> > > node-matrix-js-sdk are the only remaining reverse dependencies for
> > > node-request. We have an ack from its maintainer to remove it
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958692#42 so this is
> > > the only real blocker remaining to remove node-request.
> >
> > You gave a second warning.  Only 24 hours but I guess I should be
> > thankful.
> 
> 
> Hi Jonas,
> 
> Is there some humor in this tone ?
> This bug has been opened more than three years ago, and it's starting to
> look as if you wanted to block it.

There was sarcasm.

No, I am not trying to obstruct.  I genuinely wanted to address it but
forgot, and last night I began look at doing a feverish stunt before I
got involved in other stuff today.  Then tonight I saw that the package
apparently got dropped, so assumed that someone requested kicking
node-jsonld as well.

...but as I double-checked now, I see that node-jsonld is still in
Debian - great. I may then still have time for avoiding a revisit to NEW
queue.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#958682: node-jsonld: Remove dependency to node-request

[Jonas Smedegaard]

Quoting Pirate Praveen (2023-12-22 20:53:46)
> On Sun, 29 Oct 2023 21:37:08 +0100 Jonas Smedegaard  wrote:
> > Yes, I still want to work on node-jsonld - I will make time to look at
> > this soon...
> 
> yarnpkg 4.0.2 was recently uploaded to unstable, so this and 
> node-matrix-js-sdk are the only remaining reverse dependencies for 
> node-request. We have an ack from its maintainer to remove it 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958692#42 so this is 
> the only real blocker remaining to remove node-request.

You gave a second warning.  Only 24 hours but I guess I should be
thankful.

Hm.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1051521: rust-palette: autopkgtest failures

[Jonas Smedegaard]

Quoting Peter Michael Green (2023-12-22 07:42:03)
> On 19/12/2023 20:01, Jonas Smedegaard wrote:
> > Quoting Peter Green (2023-12-19 20:46:56)
> >> I prepared a fix for the autopkgtest issues. While I was at
> >> it I also bumped the clap dev-dependency and the associated
> >> build and test dependencies to version 4 as we would like
> >> to phase out clap version 3.
> >>
> >> I discussed the clap upgrade with upstream, they said it was
> >> only used for examples but they did not want to bump it
> >> upstream at this time due to msrv.
> >>
> >> https://github.com/Ogeon/palette/issues/364
> >>
> >> If I get no response I will likely NMU this in a week or so.
> > Thanks for looking into this.
> >
> > Wound you mind sharing the patch you mention having prepared?
> Doh
> 
> Attatched it this time.

Great. Thanks a lot - I had scratched my head over this one for a
while.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1051521: rust-palette: autopkgtest failures

[Jonas Smedegaard]

Quoting Peter Green (2023-12-19 20:46:56)
> tags 105121 +patch
> thanks
> 
> > rust-palette is unable to migrate to Testing because its
> > autopkgtests are failing.
> 
> I prepared a fix for the autopkgtest issues. While I was at
> it I also bumped the clap dev-dependency and the associated
> build and test dependencies to version 4 as we would like
> to phase out clap version 3.
> 
> I discussed the clap upgrade with upstream, they said it was
> only used for examples but they did not want to bump it
> upstream at this time due to msrv.
> 
> https://github.com/Ogeon/palette/issues/364
> 
> If I get no response I will likely NMU this in a week or so.

Thanks for looking into this.

Wound you mind sharing the patch you mention having prepared?


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1059034: librust-scraper-dev: depends on missing package librust-ego-tree-0.6+default-dev

[Jonas Smedegaard]

Package: librust-scraper-dev
Version: 0.18.1-1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Impossible to install: Depends on missing package
librust-ego-tree-0.6+default-dev
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmWBuOIACgkQLHwxRsGg
ASGlYA//UV+wJpnvVAi6Ey3ERwr2hbc24wKonaKlF5CS0op+gLkMiTAql8XVOk8q
qdh4anfXvhUmdSiklXeYACEM8mcuXThdiIDnfN9gHAF9Af1mh/hAVXzXpDG+qL+h
MheIScVhm8KSx7d88mG1zQA5bbom6+WrhucVxHwyU1GRc05SxLjwFd2VEwXc5bU1
p30OLZ3br3vHfBnFeNu5Msu2z5PhpPTDdlpAGsAmrQ+zaIdCorLII5vHP5ooOxJP
bMSMag9xnsdbioLP/MN4UmUzhplBjJi5OxjGnXn0Jd48Tp9bSEbMeBkFCfl7mBmM
dLTKflLV5o4rEVFdqxaU9jQLi5d7avv/SeXZBhXylvSS9p6fWk7T5p1iqf5vIdIv
99PlSZU1qXWwPvWUXNWzylH/dZT9SeGRjImYb5fLVVuwUlcCkwI+NpaCZtIiZTSW
gWWAqFVHIZBgNaObaYez75F5ndHmzXeySSxXeWdZgxPZeVgIpUl52WluSfaef1qB
h1g0AT/apoLbed2nyLtMOaYKw6dWUNHZ7b6dtEqg2GtBlbwoH0UjtCF8h89KgRYn
NB4xq48b6bxcrLFft/1kLWjMtCQmqDkrtgGWbDArrzfVMw4cDZEWTwBt2ZOBqfyc
y8QVhRoNXKjnW8+4BXoWY1jjoYmVNl5gcRmY4z+77hvTCqrbG5g=
=goZD
-END PGP SIGNATURE-

Bug#999954: [Pkg-sugar-devel] Bug#999954: squeak-vm: depends on obsolete pcre3 library

[Jonas Smedegaard]

Hi again, Yavor,

Quoting Yavor Doganov (2023-12-19 12:35:06)
> Jonas Smedegaard wrote:
> > Quoting Yavor Doganov (2023-12-19 11:21:34)
> > > Please find attached a patch;
> > 
> > Is it a patch that you composed yourself, or did you work based off
> > of some upstream changeset.
> 
> The former.  I checked the new upstream release (downloaded with
> uscan) and also checked upstream SVN trunk -- the problem was not
> fixed there so I started off the current code in unstable.
> 
> This patch doesn't apply cleanly to the latest upstream release (it
> has a bit different layout and there were changes to RePlugin) but I
> guess it would be more or less trivial for me to adapt it.

Ok.  Thanks for those details, and thanks again for the patch itself.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#999954: [Pkg-sugar-devel] Bug#999954: squeak-vm: depends on obsolete pcre3 library

[Jonas Smedegaard]

Hi Tobias,

Quoting Tobias Pape (2023-12-19 12:02:56)
> > On 19. Dec 2023, at 11:53, Jonas Smedegaard  wrote:
> > Quoting Yavor Doganov (2023-12-19 11:21:34)
> >> Please find attached a patch; unfortunately I could not find a way
> >> to test it.
> > 
> > Thanks for the patch.
> > 
> > Is it a patch that you composed yourself, or did you work based off of
> > some upstream changeset.
> 
> There is no upstream changeset for that, sadly. We should pick that up
> probably.

Thanks for checking!

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#999954: [Pkg-sugar-devel] Bug#999954: squeak-vm: depends on obsolete pcre3 library

[Jonas Smedegaard]

Hi Yavor,

Quoting Yavor Doganov (2023-12-19 11:21:34)
> Please find attached a patch; unfortunately I could not find a way to
> test it.

Thanks for the patch.

Is it a patch that you composed yourself, or did you work based off of
some upstream changeset.

I ask because it is helpful to know how close we are to upstream code,
especially for changes that are tricky to test thoroughly.


Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1057946: pypandoc: autopkgtest needs update for new version of pandoc

[Jonas Smedegaard]

Quoting Paul Gevers (2023-12-10 21:40:34)
> Source: pypandoc
> Version: 1.7.4+ds0-2
> Severity: serious
> X-Debbugs-CC: pan...@packages.debian.org
> Tags: sid trixie
> User: debian...@lists.debian.org
> Usertags: needs-update
> Control: affects -1 src:pandoc
> 
> Dear maintainer(s),
> 
> With a recent upload of pandoc the autopkgtest of pypandoc fails in 
> testing when that autopkgtest is run with the binary packages of pandoc 
> from unstable. It passes when run with only packages from testing. In 
> tabular form:
> 
> passfail
> pandoc from testing2.17.1.1+~git20230125+ds-1
> pypandoc   from testing1.7.4+ds0-2
> all others from testingfrom testing
> 
> I copied some of the output at the bottom of this report. The failing 
> tests checks that the version of pandoc is lower than the current version.
> 
> Currently this regression is blocking the migration of pandoc to testing 
> [1]. Of course, pandoc shouldn't just break your autopkgtest (or even 
> worse, your package), but it seems to me that the change in pandoc was 
> intended and your package needs to update to the new situation.
> 
> If this is a real problem in your package (and not only in your 
> autopkgtest), the right binary package(s) from pandoc should really add 
> a versioned Breaks on the unfixed version of (one of your) package(s). 
> Note: the Breaks is nice even if the issue is only in the autopkgtest as 
> it helps the migration software to figure out the right versions to 
> combine in the tests.
> 
> More information about this bug and the reason for filing it can be found on
> https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation
> 
> Paul
> 
> [1] https://qa.debian.org/excuses.php?package=pandoc
> 
> https://ci.debian.net/packages/p/pypandoc/testing/amd64/40824353/
> 
> 
>   69s ==
>   69s FAIL: test_get_pandoc_version 
> (tests.TestPypandoc.test_get_pandoc_version)
>   69s --
>   69s Traceback (most recent call last):
>   69s   File 
> "/tmp/autopkgtest-lxc._ozpb6jh/downtmp/build.wmM/src/tests.py", line 
> 159, in test_get_pandoc_version
>   69s self.assertTrue(major in [0, 1, 2])
>   69s AssertionError: False is not true

Pandoc is a library and an executable binary.  The package pandoc
version 2.17.1.1+~git20230125+ds-1 links against ghc-pandoc-dev version
3.0.1-3.

Yesterday, upstream agreed to change the versioning of the executable
binary to be in sync with the library - as was the case with 1.x and 2.x
releases.  I have just now released pandoc version 3.0.1-1.

Hope that helps.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1057949: nbconvert: needs update for new version of pandoc: PDF creating failed

[Jonas Smedegaard]

Quoting Paul Gevers (2023-12-10 21:45:50)
> With a recent upload of pandoc the autopkgtest of nbconvert fails in 
> testing when that autopkgtest is run with the binary packages of pandoc 
> from unstable. It passes when run with only packages from testing. In 
> tabular form:
> 
> passfail
> pandoc from testing2.17.1.1+~git20230125+ds-1
> nbconvert  from testing6.5.3-4
> all others from testingfrom testing
> 
> I copied some of the output at the bottom of this report.
[...]
> 378s E 
> /usr/lib/python3/dist-packages/nbconvert/utils/pandoc.py:51: 
> RuntimeWarning: You are using an unsupported version of pandoc (3.0.1).

Pandoc is a library and an executable binary.  The package pandoc
version 2.17.1.1+~git20230125+ds-1 links against ghc-pandoc-dev version
3.0.1-3.

Yesterday, upstream agreed to change the versioning of the executable
binary to be in sync with the library - as was the case with 1.x and 2.x
releases.  I have just now released pandoc version 3.0.1-1.

Hope that helps.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1057692: rust-serde-with-macros: fails autopkgtests

[Jonas Smedegaard]

Source: rust-serde-with-macros
Version: 3.3.0-1
Severity: grave
Tags: ftbfs
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The package fails its autopkgtests on all tested architectures, and
therefore is blocked from migrating to testing.

See e.g.
https://ci.debian.net/packages/r/rust-serde-with-macros/testing/amd64/39958360/
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmVxcJMACgkQLHwxRsGg
ASEBlA/+JxMQ93DkpnCDK76H2A25OJ4AwdpWRDG5rLieGNGWpCBr5qodW9QtnwrD
cZT/Qi1uv1/C7/g7jVZWM2bVmONU9XMwNBT7GofTcOW/3x4qsEHXnovJb2M3/wZo
nWo563HCUUd8JB/S6ONw0mNWPhzkBlmUcHLhKC5iRORTjYGtiquFc7vCXPwEj331
ANg9NGP2GWwmbBpAxq8NMs6HHAsIZ1YVBaREhkF4JwegO6jOS6ib2yuumtOaWvgn
G7oFVVfNv5pcAXHOnEyNXSB7sJGCvuQpQwIvRXgMhq3EEmtEqrYnZtDbOXwSo3En
K2mNu/DLi9xILiXe4WBDndczi246U+BHN64HXeRUz8lUZcMMMoBeagjocjOayf7H
mDHFFMzvh+AD6FGBcGh7IxUPbq672iP79i0U98Nxh8hFzpQNbAMdsm9e3ZyOCtmN
CJxMWFIW/M9bU1eomeBLod0WEllbIztDu3eW0Rw/O91TM1vqQ0Xtf1AYWXBTIapV
HZuA/caTeGptAvUiX/rur80k+Y1j+KL1fq7vHtO/+eUq80PQkiPSUp6IWqUhJCAZ
mS/pBl8ro2Tu7+Pd3FimyzfUiZqV4tcIpahnwqkDEFv4/9R6y9mKJmO0/40J+m1b
09i0kl7BtTZgVLM1lKczvWK2Pu+uqP2NElMZh4NzJmcnlTvYhmM=
=akWP
-END PGP SIGNATURE-

Bug#1057223: librust-futures-util-dev: fails to install: depends on missing librust-h2-0.3+default-dev (>= 0.3.17-~~)

[Jonas Smedegaard]

Control: retitle -1 librust-futures-util-dev: fails to install: depends on 
missing librust-futures-io-0.3+std-dev

Quoting Jonas Smedegaard (2023-12-01 20:46:33)
> Impossible to install, as it depends on non-existent package
> librust-h2-0.3+default-dev (>= 0.3.17-~~).

Correction: librust-futures-io-0.3+std-dev (>= 0.3.29-~~) is the missing
package (librust-h2 is instead affected by it, along with 66 other
direct reverse dpeendencies).

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1057223: librust-futures-util-dev: fails to install: depends on missing librust-h2-0.3+default-dev (>= 0.3.17-~~)

[Jonas Smedegaard]

Package: librust-futures-util-dev
Version: 0.3.29-1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Impossible to install, as it depends on non-existent package
librust-h2-0.3+default-dev (>= 0.3.17-~~).
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmVqOBYACgkQLHwxRsGg
ASGxPw/+JeFgGm4jAUIt9lkK/nmYRrYLKWTbXF+/A6KC+ba+d9oNNN4Fd+JqdkOr
2L1Ij4A7wbivOITr8bJ4jVX4fOtp7fE/d6EjkuZ0X+RmdKgf/t8cFByCI1YL8Jz8
NXSRrhLH+UrXTqWL+9tuDMe9MFjU8FWwzAQ+Rb5dFAZtEv2uVXfDISP73YqLAnSO
C0DiuwRf5Jjn+qkN27IHcbQtQY3wQY6um5XHy9Um0h3Bxhku+/id4LYNezz/0Mqm
3VAYWclRU0BU82mbQr/Sf1YYDTxpUOQVLXVqcwwHAWGIXqUWzqZyPODo527W8Mqz
bNi5e+i42fcwjvezf69mPK0dzXgLWl2sybaW3UrixZYvsmvPLMjC/D4JmZnb9zSO
scLQXUn9qdv2J31VWc/tpc3vpKQChxE5OA03X0FyEOh7sotCWLIGBOHqwbfQcOmD
9s6UBacUBgKbSVVoauqjAhiCX0RGjCXTQBu7nvh+FZ68IfBxFshNtCOtK/oyIH6w
IOSr6UpAh9tn+R+m0TjyUsUGk7/9OfN/3Oe560o5fRsWviSeQ+3p5xVP826Cccjc
K/T3x6QBvps+Nug7Hu0D555U7V96WVKLVe5tDk2ui8mTpgcAqkrCmvyf4venbwIx
Law5m80NFK2bnoTpSgnK1M/aE/eXf2ZZ45jnrEmwIAHeDjQkNJs=
=A/wq
-END PGP SIGNATURE-

Bug#1053686: pandoc: cannot fulfill the build dependencies

[Jonas Smedegaard]

Quoting Scott Talbert (2023-11-25 19:09:39)
> On Thu, 23 Nov 2023, Jonas Smedegaard wrote:
> 
> > Quoting Ilias Tsitsimpis (2023-11-23 21:10:36)
> >> On Fri, Nov 17, 2023 at 09:28AM, Ilias Tsitsimpis wrote:
> >>> On Thu, Nov 16, 2023 at 10:16PM, Jonas Smedegaard wrote:
> >>>> Quoting John MacFarlane (2023-11-16 19:25:17)
> >>>>> Removing lua support would be most unfortunate!  If you need help from 
> >>>>> upstream in getting things to work, let me know.
> >>>>
> >>>> I agree: Pandoc with its core scripting language disabled is a severely
> >>>> crippled Pandoc.
> >>>
> >>> Understood, but I am not really sure how to move forward, since Pandoc
> >>> doesn't fully support the latest Stackage LTS. I can help with
> >>> packaging/upgrade libraries if you can provide the right set of
> >>> libraries we need.
> >>
> >> I uploaded the following packages:
> >>
> >> * haskell-hslua-cli_v1.3.0-1,
> >> * haskell-hslua-module-doclayout_v1.1.0-1
> >> * haskell-hslua-module-zip_v1.1.0-1
> >>
> >> I believe the next step is to update pandoc to 3.0.1, so we can then
> >> package pandoc-lua-engine, pandoc-server and eventually pandoc-cli.
> >>
> >> Jonas, how can I help move this forward? Pandoc is the last blocker to
> >> finish the Haskell transition.
> >
> > I think this will be the best way forward:
> >
> > Haskell team introduces new source package haskell-pandoc.
> >
> > When available, I can build package pandoc depending on it.
> >
> > I really don't like breaking upstream project pandoc into two Debian
> > source packages like that, but I don't have the energy at the moment to
> > try fix dh-haskell (which I suspect will be similar work as I am doing
> > to dh-cargo currently).
> 
> I'm working on this (packaging haskell-pandoc).

Thanks!

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1056634: rust-unsigned-varint: depends on missing package librust-asynchronous-codec-0.6+default-dev

[Jonas Smedegaard]

Source: rust-unsigned-varint
Version: 0.7.1-1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The package is impossible to install: Depends on missing package
librust-asynchronous-codec-0.6+default-dev
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmVgXaMACgkQLHwxRsGg
ASENWg//Q/GyJfMmwTkVUky7/DNnckQGWr9bBDBNE0KxQ9eME+LLqqk9YQe+lamt
oHNDX/qXz/ajgaTi+g+jnI7Ye6d8NZUL2hVRp83cW0U7oxVqnn/wV71QgbvVE9fH
pU6WtEkOundVk+cAYyAxXkWnU5lItZ9YW8CvpQpKWA80S4rECDpFQx2lOk3Pq4AZ
mXgnUj3fJZl6rzEufAgmHYa/Ad4wB2wYFIikTYjFyaWYv9wv3xnl2MnNcOeo+l2R
BUXNo0EtFIoZ75gNV2imVl/K9zD5xROAEC0pf2nQo+lbcqc4lt0mCEYGHlgBCpxd
58Bo2V/OaDmVTB41G4YGjE+gcq5X833Z5ZgEYQMr/PrBSlk2rwGX0iOxOLuGvyhP
HmKQ2G7V4kCfcMBc8C46un4183AaQwPLT0bxgpj7C7zJTzQPFV5fQmhY7TpVm4yR
STycyyFwfxa4I71LqTp6f5rNIuaOwk9wfyR3uiQemNwXd1Y1pERZiHLGEz/7J61W
0VzaK8XpY4RI5AVoKwXU1hZyyMkvKdzQK1XRBYWjtnvtJyj9N94FNv+BzgShUhtb
gOAN0M7gO6rqV700N85Cz2I7ax8AFVU2BG7117s4CY40wSeO43Uxt4MVdAinwm1e
Eds8D31sfgKVPv0ip2YLehk9czosKV2Sdyo+DtvxDRTsOUygtMM=
=2d3j
-END PGP SIGNATURE-

Bug#1053686: pandoc: cannot fulfill the build dependencies

[Jonas Smedegaard]

Quoting Ilias Tsitsimpis (2023-11-23 21:10:36)
> On Fri, Nov 17, 2023 at 09:28AM, Ilias Tsitsimpis wrote:
> > On Thu, Nov 16, 2023 at 10:16PM, Jonas Smedegaard wrote:
> > > Quoting John MacFarlane (2023-11-16 19:25:17)
> > > > Removing lua support would be most unfortunate!  If you need help from 
> > > > upstream in getting things to work, let me know.
> > > 
> > > I agree: Pandoc with its core scripting language disabled is a severely
> > > crippled Pandoc.
> > 
> > Understood, but I am not really sure how to move forward, since Pandoc
> > doesn't fully support the latest Stackage LTS. I can help with
> > packaging/upgrade libraries if you can provide the right set of
> > libraries we need.
> 
> I uploaded the following packages:
> 
> * haskell-hslua-cli_v1.3.0-1,
> * haskell-hslua-module-doclayout_v1.1.0-1
> * haskell-hslua-module-zip_v1.1.0-1
> 
> I believe the next step is to update pandoc to 3.0.1, so we can then
> package pandoc-lua-engine, pandoc-server and eventually pandoc-cli.
> 
> Jonas, how can I help move this forward? Pandoc is the last blocker to
> finish the Haskell transition.

I think this will be the best way forward:

Haskell team introduces new source package haskell-pandoc.

When available, I can build package pandoc depending on it.

I really don't like breaking upstream project pandoc into two Debian
source packages like that, but I don't have the energy at the moment to
try fix dh-haskell (which I suspect will be similar work as I am doing
to dh-cargo currently).


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1055099: rust-async-task: Failing autopkgtests

[Jonas Smedegaard]

Quoting Peter Green (2023-11-21 09:16:21)
> Tags 1055099 +patch
> thanks
> 
> > The autopkgtests for rust-async-task began failing after the upgrade
> > to from 4.4.1-1 to 4.5.0-1. This prevents its migration to Testing.
> 
> I have prepared a patch which adds a feature guard to the example in
> question and hence fixes the autopkgtest. A debdiff is attatched, if
> I get no response I intend to NMU this soon.

Thanks.

Seems the intended attachment is missing, however.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1056177: librust-tikv-jemalloc-ctl-dev: depends on missing packages

[Jonas Smedegaard]

Package: librust-tikv-jemalloc-ctl-dev
Version: 0.5.4-1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Depends on packages librust-tikv-jemalloc-sys-0.5+default-dev and
librust-tikv-jemalloc-sys-0.5+disable-initial-exec-tls-dev that are
missing in Debian.
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmVYhIgACgkQLHwxRsGg
ASFjNg//cqyOhnOtJOazDOwLT/Ix+Xc1/kmpB4K7uRe1VjPh9s2p62AgGD8jgNhM
LzsDnRvU6LXcYekRNfSUyTxEsU7A0L8xcw+hkgS2daY67PEnWI1HYltLJt//Ncq0
O8Ee8nNZ8ZZfIKoL241851jMO6awFvsrsRQ9ukKuKq//S7pz4y798s68QjoGISrT
XSjPLRGVGenDzLdLAa4VaqSR7FAo9gVaTWW/n5h93vChHmDgrls03LXDbZsCbp7v
y20BslCFnzRBcYX+QhC5OItrmDgq11yvLb4F8ZU000n46Dxu15ASbyZruCvnrNv5
jqWb/1bkaEOPKD0AqX9yilNJArzmvf8zQSWTmAPZurDKJVsM505pLQ3UWdEl1W2i
KxXhcp6whujtyBbAHqjistGFdmERc9nXrFZ2ZPrUbkNIbFcO4N+D5ZbZbYg6s8V1
UrHITbW9SgYdd+K2L8ohzQ44Y6avgGlY1Ks2XBok6hKXRCHgTph/WQ2gII1oNmwx
kxicT5WBfJ+c6Py3sOp2vWBmSDxAu1gaYEGLIEF815ZNst7FNqqiBCGWZHRv7rcc
rlpP8HmBV74KgBkuQh+ntTAeoOb647HIOeF7ZkDK5Rqw9yjm9X9N0iIh6QAoaZMD
6W/YJeDm8oeMU4btskDUIinZJidQNkzNNGgUtsSu5Ofz/OSz7zY=
=h8JL
-END PGP SIGNATURE-

Bug#1053686: pandoc: cannot fulfill the build dependencies

[Jonas Smedegaard]

Quoting John MacFarlane (2023-11-16 19:25:17)
> Removing lua support would be most unfortunate!  If you need help from 
> upstream in getting things to work, let me know.

I agree: Pandoc with its core scripting language disabled is a severely
crippled Pandoc.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1053686: pandoc: cannot fulfill the build dependencies

[Jonas Smedegaard]

Quoting Paul Gevers (2023-11-16 11:22:45)
> On Thu, 12 Oct 2023 06:36:05 +0200 Jonas Smedegaard  wrote:
> > Quoting Scott Talbert (2023-10-12 02:33:45)
> > > It looks like pandoc can be updated to v3.0.1 and be compatible with the 
> > > dependencies that are in unstable currently (LTS 21).  Can you please let 
> > > us know if there are any dependencies still missing?
> 
> > I will look at it soon - probably this upcoming weekend.
> 
> Is there any progress with fixing this bug? It seems that this issue is 
> one of the last blocking issues in the haskell transition. src:pandoc is 
> a key package, we can't easily remove it from testing to "fix" the blockage.

Thanks for pinging/nudging, Paul.

Upstream project has restructured to now be organized as multiple
projects to be built as dependencies of each other.

I had hoped to be able to orchestrate such chain-of-builds internally in
the single source package, but the Haskell build helper tools seem to be
in too bad shape for that: Apparently all Haskell packages use CDBS
which is quite cumbersome to use for "looping" subtasks, and both of the
two available non-CDBS debhelper tools existing in Debian are broken.

I therefore give up on that approach, and see no other way forward than
to introduce the libraries of Pandoc as a new source package, and then
have the existing src:pandoc package depend on that to build the binary.

I will now file an RFP for that new dependent package, in the hope that
the Haskell team can adopt maintenance of that.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1055663: rust-syn: build-depends on missing package librust-proc-macro2-1+proc-macro-dev

[Jonas Smedegaard]

Source: rust-syn
Version: 2.0.26-1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

build-depends on missing package librust-proc-macro2-1+proc-macro-dev

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmVNJhkACgkQLHwxRsGg
ASGrug//d6DvX2AJD28nncKM56m2ISY7zzz31HNvzmbfuAXJ3fMZ24zGCXJKjaiQ
68w3C1Te3cczJvlzuD37G7aG3ZSYSVfv5BH1MYoHnuxRC19DWJfglbB5Z/sIx1He
QO9G0FuFNyrzmEsB04zDSevK56Fx30nMb81jpCpgEp0fNjjn1Wt6R6Njfg9ab9q0
WMk4AlTGvkjCMTRKqlGhKGAJaspN1ZazQi+BdN/CSWkj/m2vfVyUtmxoJUYyQ5EJ
dxL0kzScXySnXgzq1D90qPSMYP6FDhj66BBAp0q0FWJRIsz73gclLQreLQQveH/c
5NMdBzPs7zs9Z9DEzw+n1C7TVvRhsD+z601XyJdBUdwZxL0aespQz8AYYWigwoYw
gv6dqmZ1mOPw18ZRRKhDq1f6bkxneeAJS0waaM4tTN0F7VF+WYzUF4IfMp3tz0q+
xBDrqwk70GfHgvFW4xf/VSkSiRSZpLK4gBo/hSbrts2yT14OC3YrtP+gaCB7pTmI
RMZ1hY9C4JYvkSTy7N7miD3h8UGiZieLaoliHSBj75dVah9EoTbJ8reXJmMuydRb
tBr90dJOiKP9soyfpS7m1Amcjm5+kQuGr9o9btrz2Q7jRvt5rpmmHY0t9IMWj+3m
z87dnWb697h1h4GT7oZQldnraZEU459+tgAP31NXM4Sjmh82kQ8=
=SlJm
-END PGP SIGNATURE-

Bug#1055662: rust-proc-macro2: build-depends on missing package librust-proc-macro2-1+proc-macro-dev

[Jonas Smedegaard]

Source: rust-proc-macro2
Version: 1.0.65-1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

build-depends on missing package librust-proc-macro2-1+proc-macro-dev

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmVNJc4ACgkQLHwxRsGg
ASFk+A//Z+2wMdY7QR3oDEfT/2+dS8QbYT+J9Uk9f+JCQIqotQRqLf96OL+3r8HU
+kpf1LOtBJ0nKdiliGZkO6vrAn/Qw2iMD2PBTcWzhUvRU1kpO1tcXZy8EyuZ0Pdu
Z9t58seLJVwpD22rq5dcGtARPVzn3fTcb9lgopNbqyh6rHkUZ4Q/hEMIsY0z2Xt7
WV0GpwdmE09Y2+SfO1fbCpXdNzDwUh/33GV1tU5XTK2XaJHucJu5+cDtn4vDfNfK
LMRyfjPeSBCLCJ7+k77tnjlh5KMG9fYdfyBRFvhnT2B6bT4d4P4upno/vwZ9BX5T
4DE3mEFTWO+PesGO6KzIU7ks+1MgbnVZO7PZNPyzXza7D2dlOajZc7r3TnjHzaGF
g3s5bZXjauOkypbE6utuiOhJ2xPB7ore+eK2AawyAizpQxea8ISsogyen7XOqbGd
rVKRTapWDfzMbXmtH2y29QjG1pbirB2NaCP4JmHUKIhGo1hofv8ei32a4Vkc59Pl
0HuI5d3gqD5HrroT82pXuF1VfNxHZPMiXzc3xNftAgPq18clOA8niSZq5dadaC1a
FrFFyiozTRh3z0ebQ+/7Y6tZWh/uRMiXaTaHgyvb767HTMTn7TX1loVME51w/v0D
epnbvAwxOard0sdtvwsIGKP+Nv3cBRfUIsRk7AQDTIEzYj2T0NQ=
=9G7E
-END PGP SIGNATURE-

Bug#958692: node-matrix-js-sdk: Remove dependency to node-request

[Jonas Smedegaard]

Quoting Praveen Arimbrathodiyil (2023-10-29 18:13:55)
> On Fri, 24 Apr 2020 13:52:39 +0200 y...@debian.org wrote:
> > Upstream has deprecated node-request:
> > https://github.com/request/request/issues/3142
> > 
> > It can be replaced by node-got 
> > 
> > 
> 
> Hi Jonas, Hubert,
> 
> Are you planning to update matrix-js-sdk? We'd like to remove deprecated 
> node-request from the archive and this package is a blocker.

I have no interest in matrix-js-sdk.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#958682: node-jsonld: Remove dependency to node-request

[Jonas Smedegaard]

Quoting Praveen Arimbrathodiyil (2023-10-29 18:10:08)
> On Fri, 31 Dec 2021 13:17:07 +0100 Yadd  wrote:
> > updating node-jsonld is enough to fix this issue:
> 
> Hi Jonas,
> 
> Are you planning to update node-jsonld?
> 
> > Else we can simply remove this package from Debian since it seems 
> > useless (no reverse dependencies).
> 
> This is blocking removal of deprecated node-request.

Yes, I still want to work on node-jsonld - I will make time to look at
this soon...

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1051241: headsup for gtk + pipewire update

[Jonas Smedegaard]

Quoting Jeremy Bícha (2023-10-16 17:50:11)
> Control: tags -1 +pending
> 
> Because the scheduled autoremoval day is today and because Jonas'
> packages are generally on the LowNMU list, I am uploading this as a
> NMU now.

Thanks to you both!

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1053686: pandoc: cannot fulfill the build dependencies

[Jonas Smedegaard]

Quoting Scott Talbert (2023-10-12 02:33:45)
> It looks like pandoc can be updated to v3.0.1 and be compatible with the 
> dependencies that are in unstable currently (LTS 21).  Can you please let 
> us know if there are any dependencies still missing?

Exciting!

I will look at it soon - probably this upcoming weekend.

Thanks,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1051752: [pkg-uWSGI-devel] Bug#1051752: uwsgi: remove uwsgi-plugin-glusterfs on 32 bit architectures)

[Jonas Smedegaard]

Quoting Alexandre Rossi (2023-09-27 20:53:14)
> > > If I get some advice on the best practrices for having d/control.in with
> > > template variables, I would be happy to work on this.
> > 
> > I assume you mean the debian/control file (as the uwsgi source package
> > currently contains no debian/control.in file).
> > That file gets mangled when the following command is executed:
> > 
> >   DEB_MAINTAINER_MODE=1 debian/control clean
> 
> I thought that using some template engine and introducing d/control.in
> would be easier to maintain, debug than the current mangling and was wondering
> what was considered good practice for this in Debian packaging.
> 
> I'll research.
> 
> Thanks for the upload,

Historically the package used a debian/control.in file.  That made other
Debian developers nervous, thinking that if they didn't understand that,
they were unable to help out with other unrelated aspects of package
maintenance - despite my adding a note in debian/README.source
explicitly stating the opppsite.  So I consider that a failed
experiment.

But I am open to suggestions on how this could be done more elegantly -
just please let's discuss it *before* you mess around structurally with
the package :-)

(I do *not* consider current packaging style ideal - for starters, I
want to migrate away from using CDBS, but it is a complex package so I
want to do it cautiously - and am not really in a hurry about that...)


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1051752: [pkg-uWSGI-devel] Bug#1051752: uwsgi: remove uwsgi-plugin-glusterfs on 32 bit architectures)

[Jonas Smedegaard]

Hi Alex,

Quoting Alexandre Rossi (2023-09-27 15:18:14)
> Following attempted fixes of #1051752, please not that I seem to have fixed it
> (tested on i386) in 
> https://salsa.debian.org/uwsgi-team/uwsgi/-/commit/5cdb4e37be8dd93cefdcceeb199efe990b2eb918
>  .

Thanks a lot!


> If I get some advice on the best practrices for having d/control.in with
> template variables, I would be happy to work on this.

I assume you mean the debian/control file (as the uwsgi source package
currently contains no debian/control.in file).
That file gets mangled when the following command is executed:

  DEB_MAINTAINER_MODE=1 debian/control clean

I have finished the packaging now, and am now preparing a new release.

Thanks again,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1052261: librust-pkcs5-dev: impossible to install: depends on missing package librust-scrypt-0.11-dev

[Jonas Smedegaard]

Package: librust-pkcs5-dev
Version: 0.7.1-1+b1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

librust-pkcs5-dev depends on missing package librust-scrypt-0.11-dev
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmUJ1HsACgkQLHwxRsGg
ASGCyQ/+KIHJJDQnT6vwGP0i13f7Xo/lF/2ZOw0MBASlV+8a5/520+1YN4QqXAll
u+BCXHCrRyz6Q4OnMsJdCKOBXWWnGOHHW10En6JENWRFRn2xdsp93Vc+2n4mGMx3
6JhI2kobfH5Vlr0wr1bYI1ydnOefyAA5SaHMiAJLHvznisvpbUJaD9U8yVk30ncG
yFBKEBY05u83rzGh27GHDb/+//nBob2i/tOIplWR5ynz8+4T7CKbrGEiV1obVfZu
dNUdixJ4pqsKFS3iyBp4NrPzJXSD+Ne5s02mO+Xy3arOUb2jDw/08B1xMA6ZkbLL
UALEeauPxdUQuKQiJAKxNFfJk7Z0Bab4cNRtim/Uy8t9jrWSLJ49cKwd+J9jfhPa
xMvqyQl68nO1W1P6RXQDOm2WZDNIUOLuMaUULyMjLWXRqOwgwUSs4NLqNpbPh8LI
rPYze43mnvKCG3y/yk28H2LOK6n+4FhEXWsykn5Lf0xL5uec4DKtK/FRh84MB9D1
dmWtdYjgacrHaPzBnBesBwsm0oWl+mup7/4vIXrK1aee+zyMb4Pfkm8e1FYpCqKG
o1T1CeSOfy1u5a7a5eyMHrPHov1oIeFkoumQtZVXGUp+2fkxeq22mg2lSytFFyBk
QbuMKJPc3THsAg4Q6P8AqttFxL5hmxdGc+ZQUnVNvw1nQdMYOe8=
=ewt/
-END PGP SIGNATURE-

Bug#1051066: [Pkg-netatalk-devel] Bug#1051066: netatalk: 9 outstanding CVEs in Bullseye with available patches

[Jonas Smedegaard]

Quoting Daniel Markstedt (2023-09-03 08:40:35)
> --- Original Message ---
> On Saturday, September 2nd, 2023 at 1:33 AM, Jonas Smedegaard 
>  wrote:
> 
> > 
> > This is one bugreport about multiple issues. That easily gets confusing
> > to track, e.g. if some of the issues are solved and some are not, for a
> > certain release of the package (and consequently a Debian release where
> > that package release is included).
> > 
> > It is generally easier to track when instead filing one bugreport per
> > issue.
> > 
> 
> I can see how this is the preferred approach for a clean tracking of each 
> security issue. In this case it gets a bit hairy since we have cases where 
> one patch fixed multiple CVEs, and elsewhere multiple patches were required 
> to fix regressions introduced by a CVE fix. It was a journey of >1 year to 
> get to the present state.
> 
> > I tried lookup one of above CVEs inn the Debian security tracker:
> > https://security-tracker.debian.org/tracker/CVE-2022-43634
> > 
> > It references an already filed bugreport about that issue, bug#1034170,
> > which is tagged as found only as early as 3.1.14~ds-1. If earlier
> > Debian package releases are also affected by that particular issue, then
> > please update that bugreport to reflect that fact.
> > 
> > This bugreport is flagged as "archived" (which is done automatically
> > after being done for a while, to reduce spam). Before doing other
> > changes you therefore need to first unachive it.
> > 
> > E.g. something like this:
> > 
> > bts unarchive 1034170 . found 1034170 3.1.13~ds-1
> > 
> 
> Will do, thanks for the command.
> 
> > The other CVEs seemingly have no related bugreport (from a quick look at
> > the security tracker - but I suspect that database does not list
> > bugreports not involving the security team at first, and only later
> > mentioning a CVE if at all). If you don't happen to be aware of
> > bugreports exisisting for those other issues, then I suggest to file new
> > individual bugreports for each issue (also because it is easy to merge
> > issues later as needed).
> > 
> 
> That's a fairly big undertaking, especially if clean and atomic patches are 
> required for each...

Minimal patching is required for stable releases, but it can be one
patch solving 9 issues, or a combination of multiple patches solving a
single issue.


> I was really hoping the batch approach would be accepted.
> 
> That said I can definitely create the individual bug tickets for starters and 
> we can take it from there. Let me set aside some time next week for this.

I don't mean to bother you with silly paperwork.

I don't mean to imply that each issue need to be *solved* separately,
only that it generally is easier to *track* issues separately.

E.g. it makes great sense to close several bugreports with a single
patch.  And if that patch turns out to not actually solve all issues
then we can "reopen" or "unseen" individual bugreports as needed.

If 9 issues are tracked in one bugreport, then it is not possible to
structurally (only sloppily in prose) communicate if "2nd and 5th of the
9 issues reported here was not yet fixed after all"...

Hope that makes sense.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1051066: [Pkg-netatalk-devel] Bug#1051066: netatalk: 9 outstanding CVEs in Bullseye with available patches

[Jonas Smedegaard]

Quoting Daniel Markstedt (2023-09-02 00:00:14)
> Package: netatalk
> Version: 3.1.12~ds-8
> Severity: critical
> Tags: patch security
> Justification: root security hole
> X-Debbugs-Cc: pkg-netatalk-de...@alioth-lists.debian.net, Debian Security 
> Team 
> 
> Nine CVE security advisories were addressed in netatalk upstream
> releases between 3.1.13 and 3.1.15. The full list is below:
> 
> CVE-2022-45188
> CVE-2022-43634
> CVE-2022-23125
> CVE-2022-23124
> CVE-2022-23123
> CVE-2022-23122
> CVE-2022-23121
> CVE-2022-0194
> CVE-2021-31439
> 
> Current status of patching these vulnerabilities:
> - netatalk oldoldstable has already been patched by the Security Team.
> - netatalk unstable has already been patched by the maintainer team.
> - The netatalk package was excluded from stable, no action required.
> - What remains is to patch oldstable, hence this ticket.
> 
> A debpatch has been attached to the related Release bug ticket,
> where approval to proceed with an oldstable release has been requested.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1049325

This is one bugreport about multiple issues.  That easily gets confusing
to track, e.g. if some of the issues are solved and some are not, for a
certain release of the package (and consequently a Debian release where
that package release is included).

It is generally easier to track when instead filing one bugreport per
issue.

I tried lookup one of above CVEs inn the Debian security tracker:
https://security-tracker.debian.org/tracker/CVE-2022-43634

It references an already filed bugreport about that issue, bug#1034170,
which is tagged as found only as early as 3.1.14~ds-1.  If earlier
Debian package releases are also affected by that particular issue, then
please update that bugreport to reflect that fact.

This bugreport is flagged as "archived" (which is done automatically
after being done for a while, to reduce spam). Before doing other
changes you therefore need to first unachive it.

E.g. something like this:

  bts unarchive 1034170 . found 1034170 3.1.13~ds-1

The other CVEs seemingly have no related bugreport (from a quick look at
the security tracker - but I suspect that database does not list
bugreports not involving the security team at first, and only later
mentioning a CVE if at all).  If you don't happen to be aware of
bugreports exisisting for those other issues, then I suggest to file new
individual bugreports for each issue (also because it is easy to merge
issues later as needed).


Kind regards, and thanks a lot for looking into this,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1050902: librust-multihash-dev: impossible to install: depends on missing package librust-unsigned-varint-0.5+default-dev

[Jonas Smedegaard]

Package: librust-multihash-dev
Version: 0.11.4-2
Severity: grave

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

As subject says: package is impossible to install as it depends on
unavailable package librust-unsigned-varint-0.5+default-dev.

- -  Jonas
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmTwaVwACgkQLHwxRsGg
ASG1PA//SkSyoQA7WZn6HBP24mmHEUEEvrcNQmiohbWEGqcG6PSlKOGIgnpQkaQT
t/MDbpHPsDuI9gU7zTsHxN5wtMre1q1XqHFrtSTElVdFsILtsdo+kOnKTRySWBWe
RqjwLi7+dgiDOApaoZyV+KLPDCAbrnwuyCFQPpcz/AlWqOqwhZEyLCqZM3AFSDFM
B0+7UejI4/PqXyFstqGZTxEjeDjlBCAyNhvGggLFjkNE9w1DBIMILFleLJYCtKZu
vcD5g3fXpjNRHqoCRW013r1wr9017NyPBUL+y+ZpEbhTBGI7XWlGG3/5cbhgakkJ
eDnjRml+tu+CUpHAjNOPtl/zLg+j4bKll3TDEzmItFThNEXLfiGA5Gl68oydOPZF
0a2VPtZ32XftrRyQHOuxuDfMf04qeshkJZSDT8+gGBG+hQLJTZ8RH97W2kfdOcq0
A3Fnzw+iq7kFAP1AsYpbBIw3p1dI27hpBlnT9aVrAQD9/P6OMyRuoXZxngDH6LB+
HqQK7r/mdOvNQkCbkBZZpWv0ckJtGMYTDDOfd+7Q/sX4LZpgpDm8oHTLGOrdwX/1
LiindD4EfHYThYe7otkdN9FJL403GuV67fuw8Pa7TPZnqA9dfFw+JKg4oTEVN757
cLMXtrhvJuaVbysvPS5fN0YUJVTdleL7ss/dZRlZF6CpSkmCKNo=
=C/HN
-END PGP SIGNATURE-

Bug#1050891: sccache - update for new addr2line.

[Jonas Smedegaard]

Quoting Peter Michael Green (2023-08-31 02:01:53)
> Package: sccache
> Version: 0.5.4-11
> Severity: serious
> Tags: patch
> 
> I just updated addr2line to version 0.20.0, sccache builds succesfully
> with the new version after bumping the dependency.
> 
> Debdiff attatched.

Please, pretty please, DO NOT BREAK REVERSE DEPENDENCIES uncoordinated.

Cc'ing debian-devel, to raise awareness of this ongoing pattern.

It is stressful.  You cannot expect to to always react quickly, and it
is not acceptable to use NMUs to paper over too sloppy coordination.

Possibly you did your homework and your assessment about the magnitude
of the damage is correct, but it is a risky game, and it is unfair:
Allow those responsible for maintaining packages to actually do that.

All that said, thanks for your bugreport, and for your tests.

Please in future coordinate *before* doing breaking changes (unless it
happens accidentally, of course).


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1049977: rust-hyper-rustls - please update to match new rust-tokio-rustls

[Jonas Smedegaard]

Quoting Jeremy Bícha (2023-08-19 19:56:29)
> In this case, britney noticed an increase in uninstallability which
> would also have prevented the migration of rust-tokio-rustls to
> Testing.
> 
> https://tracker.debian.org/pkg/rust-tokio-rustls

Ah, right - I forgot about those tests.

So I was wrong that it would have a real risk in this case of wrecking
havoc in testing if only a severe bugreport was filed against this
package.

My argument stands, however, that it is the wrong package to file that
severe bugreport against.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1049977: rust-hyper-rustls - please update to match new rust-tokio-rustls

[Jonas Smedegaard]

Hi Jeremy,

Quoting Jeremy Bícha (2023-08-19 17:45:20)
> I am bumping the severity since rust-hyper-rustls fails to build from
> source in Unstable. This is true regardless of whether this situation
> should have been coordinated better.

It is but academic now that I have uploaded a fix for this, but I
disagree with your raising severity:

This package is not broken *in itself* but is instead *affected* by
breakage in rust-tokio-rustls.  The difference is not merely nitpicking
but has an effect on whether this package can migrate or not to testing:
Since this package is not broken, it is not problematic to let it
migrate to testing, but if rust-tokio-rustls had not had a severe bug
reported against it (and Peter had not been so quick at convincing me to
release a fix this soon) then it would have migrated to testing and
caused breakage there as well.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1049977: rust-hyper-rustls - please update to match new rust-tokio-rustls

[Jonas Smedegaard]

Quoting Peter Green (2023-08-19 14:30:22)
> > Since rust-hyper-rustls has reverse dependencies as well, its move
> > to to v0.24 will involve NEW queue and potentially take some time.
> 
> According to my searches the only direct reverse dependency of
> rust-hyper-rustls is rust-reqwest.

Indeed - I made the error of taking into account indirect reverse
dependencies.


I have the new version of that (which is not semver-breaking) ready to
> upload as soon as hyper-rustls is uploaded to unstable.

Excellent: Then I'll re-release to unstable now.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1050028: rust-tokio-rustls: recent upgrade breaks reverse dependencies: keep from testing till resolved

[Jonas Smedegaard]

Source: rust-tokio-rustls
Version: 0.24.1-1
Severity: serious
Justification: reverse dependencies

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Control: affects -1 rust-hyper-rustls

Breaks reverse dependencies: keep from testing till resolved.

See bug#1049977 for related discussion.
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmTfcg0ACgkQLHwxRsGg
ASFNUxAAj105Of/nLfE9QqYVaJY6xXpSw5P1XO0a9BTC6L0WnFjZXkLP2HJONUXi
mHMQ3nXrdKVAB4SfCB674NZXs4kR6bhsJeFwkjMx/WEMxv83GRBEfCe2d2YVJjJq
O+mcDQLxiSnzkOsixvNboAGeeBBwwz02nSvcYFhH8Kj6zNHVHhtitjeG13atpqGd
/3uZ7nVl8vwAWhf3QzySgFfhWfdkCw3ltZR3adb14NNLFKcQnht5XEqiwoiZTqkN
ipi0OI+cfA4EWfzLOJq0Ph9cbRfD3BJTUfCVfNFe/+xUEIDtViYeJeWO6ROvxZ8i
8DD1FsZqJFIQLn2Zg6nQ41sShgmV08hM25BLtznTxcN9i3X+EtnDqgGePkbvzqb6
abQuKvuyx1zWW6RiN/XwlWCGtLnWYfpe3pchlkMEp/hjEE00BNrN484LWRjUcnVo
5zUa5PBKfFleZMs9zB+SFrcz+S2RaEn1Jj8DHjzl4k35rWBEy4FfEZT9X4fkERxA
mLVGlUaYlhe59oOajkmsVcEOAN4aHlXiVFOUUiV5jPH7uzbPy0Y74fG81PCFwbUa
Dg1mtCEOo7zqymdSOV+dGOI6YTDSew6jNhzNEe0GjHRSzCTfN1hr3VoWwztQEVZF
p18AmR/IijkhU3hStZAUtPt3s8nqc9MXZyKzUMfR0RNKvv4cKZw=
=YGQr
-END PGP SIGNATURE-

Bug#1049977: rust-hyper-rustls - please update to match new rust-tokio-rustls

[Jonas Smedegaard]

Control: severity -1 important

Quoting Peter Green (2023-08-17 20:39:10)
> Package: rust-hyper-rustls
> Version: 0.23.2-4
> Severity: serious
> 
> I just updated tokio-rustls to 0.24.1, hyper-rustls needs updating to
> 0.24.1 to match.

Thanks for upgrading tokio-rustls.  Please note, however, that it is bad
to break reverse-dependencies without coordination.

For future breaking changes, please try to do it gracefully instead:
First upload to experimental, and re-upload to unstable only after
having given reverse dependencies time to prepare for it.  Since
rust-hyper-rustls has reverse dependencies as well, its move to to v0.24
will involve NEW queue and potentially take some time.  It is quite
frustrating that while waiting for that the package will be broken due
to this uncoordinated upgrade :-(

I am lowering severity here - this issue is not a Policy violation in
rust-hyper-rustls but a too hasty upgrade of rust-tokio-rustls which
*affects* rust-hyper-rustls.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1043500: librust-winnow-dev: impossible to install

[Jonas Smedegaard]

Package: librust-winnow-dev
Version: 0.4.8-1+b1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Impossible to install: Depends on unavailable packages
librust-anstyle-0.3+default-dev and
librust-anstyle-stream-0.2+default-dev.
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmTXCMwACgkQLHwxRsGg
ASEl4Q/+JfoD3B73fi8wQlhcHmL/QO+SoCyIcmLje+xVQweRmtMQ9IQd+8PCc3/P
No4Tp0wZQ8F7r/vVhqkw4XVLQp3hCq/ghsoclbRQnH0MmMru1Bct0s6piLCoLQHu
m1Z6HoMaTcy7uIRYdoph6gu8jzrfzpNRLdXniCz3/4cUlH38RAVnwOIzpFyQOD00
qXWrLGx6nT3yieO4ktXpqCgrlAnL1tgNe/kNmNRwuSGkqRzNu+pAvv+ETnaoK281
bZuR8aAI5jILbN/DXdXIXvXtet37NzmGBS4Ti4wZ7eSRvrgQdvD8C7s7myZgKIqY
VGQ/J6uvf8kRbCxBtqfY9tQ7ncJFWlHvQp+u6Bb/uetP2EhSzm6fJZrd5v6Dr/48
5amIhngyF9T2X9UiRg9GneP8p2KxqRAvi/ttei2WTerDw4yxJRzJCBGWYk7nLAjZ
7bJtK9Y250txvFmn7VkoCkI+lBDrMvnmTe4MYFgonZxeeMcZyTkAwysBuBLQICgk
NqC7RlQbzkB3DSnZ7Kf/RlOFFZ/gdv5V2u+iBg55C3tUe7bAFMKOEYVZCrFLnJbV
j320g2aus2d8MhPKgKJiaUzSQR7wg1NqlZREz57ldnMWrcrqDTrC1D5Lil8aFC0N
RobTO26VTTmZNEbG8On9qzBJppczqeFUFP7pxzPHQIiKPP7ZCII=
=t0DW
-END PGP SIGNATURE-

Bug#1037736: [Pkg-sass-devel] Bug#1037736: Bug#1037736: libsass: ftbfs with GCC-13

[Jonas Smedegaard]

Quoting Jonas Smedegaard (2023-08-06 14:07:09)
> Quoting Bo YU (2023-08-06 13:48:43)
> > On Mon, Jul 31, 2023 at 1:09 AM Jonas Smedegaard  wrote:
> > > If you are generally interested in SASS tools and want to help maintain
> > > them in Debian, then you are very welcome to join the team (which is
> > > effectively only me at the moment).
> > Thanks for the invitation. I am happy to maintain SASS tools packages.
> 
> Great!  Please request membership of the salsa group at
> https://salsa.debian.org/groups/sass-team/-/group_members

Please also subscribe to our mailinglist - it is listed at our team page
at https://wiki.debian.org/Teams/Sass (which I created just now,
reminded by my earlier mention of lousy documentation).


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1037736: [Pkg-sass-devel] Bug#1037736: libsass: ftbfs with GCC-13

[Jonas Smedegaard]

Quoting Bo YU (2023-08-06 13:48:43)
> Sorry for the later reply, I was travelling some days and now I can
> own my time.

No problem - there is no rush, so just take your time :-)


> On Mon, Jul 31, 2023 at 1:09 AM Jonas Smedegaard  wrote:
> > If you are generally interested in SASS tools and want to help maintain
> > them in Debian, then you are very welcome to join the team (which is
> > effectively only me at the moment).
> Thanks for the invitation. I am happy to maintain SASS tools packages.

Great!  Please request membership of the salsa group at
https://salsa.debian.org/groups/sass-team/-/group_members

> At the moment I need to take some time to understand their technical
> details but maintaining them should be okay given the packages were in
> a good sharp.

Don't hesitate to ask!  This is a very small team, and I am bad at
writing documentation so some things are only in my head and maybe not
easy to guess, to please just ask!

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1042921: glib log feature

[Jonas Smedegaard]

Quoting Matthias Geiger (2023-08-03 12:18:32)
> Sorry, I patched out the log dependency (and subsequent features) 
> absentminded.
> 
> A fixed version is uploaded and should hit the buildds / archive soon.

Thanks!

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1042921: rust-glib: feature "log" has disappeared

[Jonas Smedegaard]

Source: rust-glib
Version: 0.17.10-1
Severity: serious

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

rust-glib was upgraded without coordination with reverse dependencies.
Don't do that.  It puts a stress on maintenance of reverse dependencies!

The upgrade patched away feature "log". Don't do that.  Yeah, I can see
that it requires a new package - then package that, don't break reverse
dependencies in Debian!

 - Jonas
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmTKvpAACgkQLHwxRsGg
ASF5whAAho9hTN1h+vVnX0r9dcYsWAdMSKGGEJU8Gm95dd5OvgAayquIs9KkM+SH
TVpFTNy83VtyJ+pxBNjdmk76bOUJdrgECjD2A1ytgsHKUreoZjXeuB4ukswVqRFn
Ay4WKLjSY5rEh4acrUX2kVbDo3hUn2qz8NrImw0H7zzgOJik4Hpp9nlAX/XPvNDE
9wci98XsmEh/eaHr17HSqF/BZDyXxTgHT6s3vP1WPLKBpBgGjIsSHXLVfiRi1Woj
mng+scm2KlKFtSI5KZ/q1Bj8604yLXFpRvN1hzlnroY9/HTeGJdXJtyETOKV+ESU
/fVMFIK25DyqHA8jfipvyrA7DiSJxc7FTWajPi2bdj+RxTajRM4pSahONrNtI3xx
K88fnDHJEVCgwp4zlRnn7JJsK7dFW1+SEQBW0tH+tXHUquVM+mSu4VIgQTdjGv8j
gNV5dh8j/NtIP2xRrUOYK40OJ+RdgPW5sf2ZtqslN5DH2ZtZTIpcUAVO4ehOF3Ky
AV2VMmKINPpyhyCh30/PB6VD2ImWMz44hrvS20g6yTrq2I/bdIteiqbVR7LjvbFZ
ugFLXiEHl0pWkm33vSEZXnjnZR2g1X/PZVFv9mcoUFE7CeNQEMv4IxsMs5wU8YdE
IGfjrmvKLTI3s3pDsIsNNBvbLvUSXxI6nNcYpfMln8KNu7RZqRM=
=C2MK
-END PGP SIGNATURE-

Bug#1037736: [Pkg-sass-devel] Bug#1037736: libsass: ftbfs with GCC-13

[Jonas Smedegaard]

Hi Bo,

Quoting Bo YU (2023-07-30 18:40:01)
> I have updated the symbols file to fix the issue, could you apply it on
> next upload?

Thanks a lot.  I will apply now.

If you are generally interested in SASS tools and want to help maintain
them in Debian, then you are very welcome to join the team (which is
effectively only me at the moment).

If you just wanted to help fix this one issue, then that is fine too, of
course.


> BTW, The issue should be the same with #1042201

Agreed, that is same issue.


Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1031046: Asterisk packaging

[Jonas Smedegaard]

Hi Olivier,

Quoting Olivier (2023-06-02 11:24:44)
> I volunteer to help to package Asterisk either in current official
> Debian repo or in an alternative repository.

Great!

Please subscribe to our mailinglist and discuss more there.
And please consider joining our IRC/Matrix chat room/channel for more
casual hangout.
Info on both is listed at https://wiki.debian.org/Teams/VoIP/


> The perspectives of Asterisk Deb packaging is talked about in [1] (I'm
> the original author of this thread).
> 
> One thing that comes to mind reading [1] is that several people
> recommend packaging from scratch while it seems to me, that
> contributing in coordinated activities may lower the amount of work
> (no need to build a repo, to configure host to use a custom repo, ...)
> and increase the outcome quality as Debian standards are quite high.
> 
> If having Asterisk distributed with Bookwom is a lost cause, maybe we
> can try to have latest Asterisk 20.3 be packaged "the Debian way" in
> unstable repo and self assign the goal that this build would done by
> new contributors, under the control of experienced mainteners ?
> 
> Then, what could be the best media to read or add doc about Asterisk 
> packaging ?
> 
> [1] 
> https://community.asterisk.org/t/status-and-perspectives-of-asterisk-package-on-debian-bookworm/97087/11

I see 4 approaches:

1) Use what the Asterisk project officially offers.

2) Use what Debian project officially offers.

3) Use what Debian semi-officially offers as "backports".

4) DIY.

Each of those 4 approaches can be done either with least possible effort
on your own part, or through more active collaboration.

Option 1 is good for some users.  Evidently it isn't for me, or I would
not have spent the past 20 years adding patches and build routines on
top of what upstream projects could offer: I firmly believe that it is
benificial to have a "second stage development" focusing on integration
across upstream projects, and I firmly believe that Debian is the best
for doing that.  For those disagreeing, use option 1 or 4 :-)

Option 2 is currently off the table, because for Debian to be
officially "stable" the work has to be done *before* the distribution is
released as "stable", and not enough work was done for that to happen
for the current stable release.

Option 3 is still valid.  It requires help, not on climbing the whole
mountain of building a package, but on concrete narrow tasks of checking
for security bugs, isolating (or writing from scratch if you are really
cool) patches to fix those bugs, and (when baked into a package) testing
that the bugs are indeed fixed.  Only with *both* packaging *and*
maintenance (which includes security sheparding) of that packaging can
the work become semi-officially available in Debian backport.

Option 4 is always an option.  And for me personally is always a big
waste of time, compared to the more efficient collaboration possible
using Debian as a platform for it.  Feel free to disagree, but then
discuss those non-Debian approaches elsewhere than in Debian :-)


Hope to see a lot of you enthusiasts in the Debian VoIP team mailinglist
soon.  More info at https://wiki.debian.org/Teams/VoIP/


Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1031046: Error while trying to create asterisk-20.3.0 deb file

[Jonas Smedegaard]

Hi Daniel,

Quoting Daniel Huhardeaux via Pkg-voip-maintainers (2023-05-29 14:40:09)
> I try to create a deb file using dh_make
[...]
> Base package is asterisk-20-current.tar.gz
> 
> Any clue?

Sorry, but this is a bugreport for tracking the general health of
packaging Asterisk officially for Debian.

Official Debian packaging does not need someone starting over from
scratch (and such duplicate work is unlikely to succeed using dh_make
which was intended for small simple packages).

If you are interested in helping out improving the state of official
Debian packaging, then please join the VoIP team mailinglist and let's
discuss there how you can best help out - which (as posted in this
bugreport already) is more likely to be work related to composing and
testing patches for security bugs than it is work related to repackaging
Asterisk from scratch).

The team mailinglist and other related info is here:
https://wiki.debian.org/Teams/VoIP/


Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1031046: Asterisk removed from Debian Bookworm

[Jonas Smedegaard]

Hi Daniel (and others following along),

Quoting Devel via Pkg-voip-maintainers (2023-05-26 23:07:04)
> I'm ready to help to keep asterisk in the Debian project.
> 
> At this time I'm compiling from scratch on each new version (18 as well 
> as 20), I know nothing about creating packages but able to understand 
> the mechanism with a little help.

I don't see how Debian is helped by your packaging from scratch - but
obviously it can help *help* gain more knowledge on the codebase and
experience with tooling involved in packaging.

What is most urgently needed is someone looking at CVEs and other severe
bugs reported against Asterisk versions now in Debian unstable and
oldstable (and in a bright future also in testing and stable).

I am pretty fluent in packaging new upstream releases of Asterisk, but
do not have time for inspecting, fixing and testing bugs.


> I'm too on community list.

Not sure what you mean here.  The mailinglist used for Debian packaging
is pkg-voip-maintain...@lists.alioth.debian.org - as listed here:
https://wiki.debian.org/Teams/VoIP/


Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1031046: Asterisk removed from Debian Bookworm

[Jonas Smedegaard]

Quoting Antony Stone (2023-05-26 22:09:06)
> I am indeed interested in finding out what would be involved / required / 
> expected in order to help keep Asterisk as a package in a future release of 
> Debian Stable - and in the meantime, to ensure that it remains available in 
> Backports.

Backports is an *extension* to core package maintenance in Debian.

First the package needs to be in good shape in "unstable", then it gets
accepted into "testing", and only then can it (when released, every 2
years) enter "stable" and optionally ahead of that also "backports".

> I have asked on the Asterisk community list / forum to find out
> whether anyone else would be willing to join in, but I think the
> starting point for anyone agreeing to this needs to be - what would
> you want someone to do, if they have the time and interest to help in
> keeping Asterisk in Debian?

The VoIP team currently only have enough man power (me) to roll out
regular releases, and needs more people willing to check for and prepare
and test patches fixing severe bugs reported against any of the official
Debian branches where Asterisk is included - i.e. unstable, testing,
stable, and oldstable.
(Backports is only "officially unofficial" in that it comes without
security support, and oldoldstable only borrows infrastructure from
Debian but is maintained by a commercially driven coop).

Debian work is coordinated through the team mailinglist and in the
Debian bugreports (which act as tiny ad-hoc mailinglists as well), and
optionally the team also socializes and does casual chit-chat on irc
(bridged with Matrix): https://wiki.debian.org/Teams/VoIP/

Hope to welcome a lot of you on our mailinglist :-)


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1042419: rust-ureq - update for new cookie-store

[Jonas Smedegaard]

Control: block -1 by 1042427

Quoting Peter Green (2023-07-28 05:20:53)
> I just updated rust-cookie-store. Ureq needs it's debian
> dependencies adjusting to account for this (the cargo
> dependencies already allow the new version.

Thanks for the update, and the notice.
Your package update is however blocked by bug#1042427 :-(

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1042427: librust-sha2-dev: impossible to install

[Jonas Smedegaard]

Package: librust-sha2-dev
Version: 0.10.7-1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Depends on librust-digest-0.10+oid-dev which is unavailable.
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmTDZlYACgkQLHwxRsGg
ASHr6g/+Iam1nLCjSspAqzN7EPY9XdRv05YR4aSPKGM/qKCxC1Ca9KeR/MUOTOe8
sMiAy/TbsIRiJ+PHRWdYgL9b9HcXkqly5SDauREjjSk15CyYTDUK392asQj/FfID
7YIzC9zbQaIPNreY325XCjakotesb4Oa+WMva2X4Eh2V+xC+dMV2FhzKBMTqGqAP
Ua9z4bygdKd96MnGpMfWCAVRv7nE+7MEXImju0n5AalRQ/pj3YGu0Qi9nv5KDwBj
bqcfixUXM9H//ledT0RELLEdAd3TGx/tnUG+wf8evQRA8cV7qc+SvnSi3KBM1Nm/
6EGiw82kGEmrYGn/2oKL0YaqNHVfF0EBDS7t3yDvSf493pwzvLg8b/6KWRgpdY8J
6899uVei8EQW1Glg/aLliq0CpP0L6IpNDERM6Te+OIIhihkKOjv8JTWHX0z7Q8Kj
upBBFx8iFUqTdQeilbJPpwup7CgPyQRCwysvSqjeF+6oU/AsQ35Nq+9MzaWVWNet
lgTbMZQ7xp3nDHLJPIN68FGSK6XhLGHZk32Hx6Xj4ojaKq3I+1Ctp/455CgXWCwT
o9FII/8wcKi+aZpTbwa9O/+wBenYrVfkJIESX11QF2ylaBw+vQUCnQ1ZIfOZBORz
UqHZTJbF6Nw72/Z33B0EBty+VzFD/TMBRiLgpTelUyj6gQ7b/VA=
=G1HN
-END PGP SIGNATURE-

Bug#1042401: sccache FTBFS multiple issues

[Jonas Smedegaard]

Quoting Peter Green (2023-07-27 17:24:15)
> sccache has a couple of FTBFS issues.
> 
> The first is that a couple of dependencies have been updated, dealing
> with this is a simple matter of dropping patches and updating
> dependencies.
> 
> The second is that the build runs out of address space on mipsel.
> The workaround seems to be to use "thin" lto rather than full
> lto. Unfortunately i'm not aware of a good way to do this other
> than editing Cargo.toml. I did so with sed in debian/rules,
> conditioned behind architecture conditionals.

Thanks.  Especially for solving the mipsel issue.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1041908: rust-rustls-0.20: broken test dependencies.

[Jonas Smedegaard]

Quoting Peter Green (2023-07-25 10:27:09)
> rust-rustls-0.20 has test-dependencies that contain "0.20-0.20", these
> are unsatisfiable and I assume are the result of a search and replace
> gone wrong.
> 
> After replacing "0.20-0.20" with just "0.20" the autopkgtest passes
> successfully.

Oh, indeed I wasn't thinking straight when juggling version numbers.

Thanks!

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#999936: uwsgi: depends on obsolete pcre3 library

[Jonas Smedegaard]

Quoting Alexandre Rossi (2023-07-25 08:12:49)
> > > > Your package still depends on the old, obsolete PCRE3[0] libraries
> > > > (i.e. libpcre3-dev). This has been end of life for a while now, and
> > > > upstream do not intend to fix any further bugs in it. Accordingly, I
> > > > would like to remove the pcre3 libraries from Debian, preferably in
> > > > time for the release of Bookworm.
> > > 
> > > I gave it go, it compiles.
> > > https://github.com/unbit/uwsgi/pull/2543
> > > 
> > > Hopefully, I will find time in the coming weeks to test with some
> > > routing patterns.
> > 
> > Sounds great.  Thanks for looking into this!
> 
> I have something that seems to work. Do you want me to prepare an upload
> and *force* feedback through unstable or wait for feedback as is?

I am ok taking the risk of releasing it to unstable.  Let me do that
right away...


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#999936: [pkg-uWSGI-devel] Bug#999936: uwsgi: depends on obsolete pcre3 library

[Jonas Smedegaard]

Quoting Alexandre Rossi (2023-07-21 08:33:19)
> > Your package still depends on the old, obsolete PCRE3[0] libraries
> > (i.e. libpcre3-dev). This has been end of life for a while now, and
> > upstream do not intend to fix any further bugs in it. Accordingly, I
> > would like to remove the pcre3 libraries from Debian, preferably in
> > time for the release of Bookworm.
> 
> I gave it go, it compiles.
> https://github.com/unbit/uwsgi/pull/2543
> 
> Hopefully, I will find time in the coming weeks to test with some
> routing patterns.

Sounds great.  Thanks for looking into this!

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1040837: [Pkg-rust-maintainers] Bug#1040837: Bug#1040837: rust-log: breaks API without coordination

[Jonas Smedegaard]

Quoting Fabian Grünbichler (2023-07-17 21:01:07)
> On Sat, Jul 15, 2023 at 05:07:25PM +0200, Jonas Smedegaard wrote:
> > Quoting Jonas Smedegaard (2023-07-15 09:55:04)
> > > Quoting Fabian Grünbichler (2023-07-12 19:53:08)
> > > > The feature in question is probably not a good candidate for packaging
> > > > though, given the lack of stability guarantees provided by upstream[0]:
[...]
> probably it would be best to push for stabilization :) do you want to
> file some issues or should I? ;)

I'd be happy if you would file these issue.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1041386: librust-netlink-packet-route-dev: impossible to install

[Jonas Smedegaard]

Package: librust-netlink-packet-route-dev
Version: 0.12.0-1+b1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Impossible to install: Depends on missing package
librust-netlink-packet-core-0.4+default-dev
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmS2VuYACgkQLHwxRsGg
ASEHeg/+I9XHtaLpg9DERDh/oR1xVub7xHjpHOo0Eexgn2jrf2bHf2TOdnESCbBt
wTDJKC35rpU5ozpF2jvbxpsZ0KesqtyYwKUe7l1pIm6Q1/3CIz9Xu/i+KBAfii+I
m1srqjZf2zDuQNh4dVZH1z55ZtTXHs1e/tIlECIdmOcLt2GZ76KWdAYGz/CCTDhA
z7l8PQnkU/RbmA+jKPXUiE5b0kf9l9xeoqNGcWF9nhNj04MQ2nkDaDCY3TSFD7gD
wWLcuvsc7xe8D5m30MDrHON0xlRGko02qe/aWI58oOfYcdIZiiVUVLtT3UyRZy+E
a5M4UtVKs1slBkDG0kIH2XU6m7ue0Z34SD4ynEvg2U95u7w5WNP8xlyHFHMGhujE
Di4sasX5fUZkUK2h7ikq2rmn0eReABRrUNHLdaeiH84CY3XjbSLpXQwlZy0u0Pg6
nMOHLO2hzrjZHKgmgc21fmSjJm//hh/rhlKqMY0HcOUdbSwPquy2SQTigGquhuv8
XEDaIBGuMzctRhVOvdZRLRhIiHjKpavtov2Oxib21MyxVG/r3fJ1RoqRtL954roV
muKssIq/BzYLCqaqAT3X4P3Bw9hSHSpv9UL9RMEqVrdnk57gcK+nrU01ohqkLlch
E6iFGGVPee1pDC4SOEjLO62afMb2iTgSnBrGksPPthrtuGoZRjg=
=Jud/
-END PGP SIGNATURE-

Bug#1041385: librust-netlink-proto-dev: impossible to install

[Jonas Smedegaard]

Package: librust-netlink-proto-dev
Version: 0.10.0-1+b1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Impossible to install: Depends on missing package
librust-netlink-packet-core-0.4+default-dev
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmS2VpAACgkQLHwxRsGg
ASGcNA/6AyKMVC6CDJmtvKJy/Cu48JPhuc0jQIyKFzm6eCju3bDYtejKYwxhOmKl
pCOqoQPErQQj06B+zxTNlPY735WQtZxFiYUMh2okv7Im94u5NFhl53ipNaWkVjYH
IyQt7P0yWSSLk3V4/dy3sgcdLAAZNA+TfIgQDtm3OETLgqMzB3kK1jnZdOTfFcvo
V+VV/CZP8KfslZspomsBxyVmoDc6fGMmI4Hd047cniHcb4DvgzaLnH1i3n0oqfnc
HFw+/M/Q2SruF68ULeGcfwgMLsKsNJZzhTFz1wWdAO078gcGR2zxGUort5ncWBmL
Gg9EzfW1Gg2lAmlwenDBx/RH5CKu25iqkvRSsbTWGVcdnpLblfDQfhMXOa7+GeqY
38sSPco8CpXlR0TGcli5mVP6nTZN9ExHvc/ZkA8r5gegl7EU2w8fJ7jMjm1cEcyP
CLozTr7wv3D7qdRVScx6XabgUpLiMACUNT7b05nrgOIDYtgr/HxAUpVYM6C+bzX5
I2Kyh53hAWiqRlvMfJTIdRCvmm4Yan721b8wrOxhS+tgpAlv5+sqg/m2E3nji6LS
yqIA7GgFITQUoDFxyy2E13ncFZgPpAOtvevdV6vZSAa0assIgaK4wH7EeLOdLQ8Q
l6jPYXQj1DZUS4pXBhMhUyf8Ww4tr31rLTJCLTLU4HWXI3ThcVo=
=YB6S
-END PGP SIGNATURE-

Bug#1041384: librust-derive-builder-dev: impossible to install

[Jonas Smedegaard]

Package: librust-derive-builder-dev
Version: 0.9.0-5
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Package depends on missing package 
librust-derive-builder-core-0.9.0+default-dev,
rendering it impossible to install.

 - Jonas
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmS2VfYACgkQLHwxRsGg
ASHj0g//bUDAwTeu7qqtjkEHUNDKBuKTu676ESwwMYj3oQYAE2677X1Gythob9oe
RqXnfgRj9M+cgp2Mmi1q9902q/5tDUWXv66ecnESZZbk3fTvO4k6N3DWbxfwuwwl
atsaDIbkEHwBrD4p7yuHnboruxRj4q7l5LJsLdAZ+d0S0ugZcx9whoxjRDHrTt8X
8He0OFBb+L45vrJQw8I7yv6VlcuVsm6aoLCK7t08p0LJTYlf7f+uctYBNlpxZjVc
4jUh/3GTu6WzmSr3UKfMY4SpycL7688vth5N+nb7RvhW+Q5FBj9g7rzIQjxM1Bt1
QBkr3EolSqyarfYwzOwnY3bLAERCO5kws1mkE4mopLe6ylfypIGtduzm7ChtM+E3
6JLg1GXyjcsrCYuulrVdRHKts/6zrTLCmFZnal/WmPM7gb3OhT9P3vcZSiOXGKXC
wfd/80/qg8mAIlzIQHWr6nuAVlp/HEnTGon8b+Kc5rW2U01xF56MvJMGEFvf6KdG
bMIyEjvdji/cLqgZshOiQfVKDb32onUVt2AuUURUcg5peDSIC2thsgJkWGl4N2ze
gvLPiOtLhPm/8G7hdHSySlofSFGjQni2l4v3pj6tMk7MQCrcrZhWtezrjocmTO9Z
3j/PMGyeJxCVtJPDcl1eyAbwuA7dESbmpRglmx418Etvqm0VwPk=
=CMTF
-END PGP SIGNATURE-

Bug#1041233: [Pkg-rust-maintainers] Bug#1041233: librust-heapless-dev: impossible to install: depends on missing package librust-heapless-0.7-dev

[Jonas Smedegaard]

Quoting Peter Michael Green (2023-07-16 14:46:40)
> > As subject says, this package depends on librust-heapless-0.7-dev which
> > is missing, rendering the package impossible to install.
> I don't see any such dependency, was this a typo.

Ah, right, silly me.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1041233: librust-heapless-dev: impossible to install: depends on missing package librust-heapless-0.7-dev

[Jonas Smedegaard]

Package: librust-heapless-dev
Version: 0.7.16-1+b1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

As subject says, this package depends on librust-heapless-0.7-dev which
is missing, rendering the package impossible to install.

 - Jonas
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmSzorUACgkQLHwxRsGg
ASEYzA/+Mf9A/D4IrYnE/idXf+Kl0vI4K5/TVafZ6QR3KIzl3XFjo/Xf/P0feEW8
hIx+2LHCK8dpmoXoloG6k5sMc3XvoOaQEPi4Hx4i1uLxWEK/lxWpXC81vrse1bqq
LT9t8IFxDwHpcdYN2RIEQQR4U8GJ3s/CPYBhk0XUrkrB7nj/NRMqHMWfUWDEue8c
slJBeai0vkb2pMHQoYkRb0CjjBkpREfbgCgPZacSPpxrhN6+tFsT/2QpyuriaPxj
uFf7Q+MNfaH1ENoNc78+odor+mpMyD6m6pQ8zsFyyRqmMlVsSefoNlwz3UN4Pf15
MY22B913aNFJAINz0jISqUMn+XiuMO3JVepSem0DV9XP4N8YrPtBVAQRVBXjX53X
SVPbW3iWZQU8rPhLZMx6KlPjTyiEIzxJhDfqCOzN32FFjbfCtaGKcwpuXAYznYDI
LOZHcwHz+GwNrYRzTormQ6fMCWkTcTVeo5jhlqMd08NwrVs87Qy6fq6OY20p8T5o
ryGqZiJx7tZ4ZAxCQamTkEjGek1Vh39+aQ5tgvckYMqXnomXFmQExlAigkdgs5X9
1yd6jutKv9Yotf2IyU8kBKn6fo9TjmZjxMnN4axMCYA/U8zHn3yknjm775lruTTN
C2m8e5iX+Sp6juEJhei7ttd/YAMJONTCMLJgikSlDOWpkKmsVe8=
=jdYT
-END PGP SIGNATURE-

Bug#1040837: [Pkg-rust-maintainers] Bug#1040837: rust-log: breaks API without coordination

[Jonas Smedegaard]

Quoting Jonas Smedegaard (2023-07-15 09:55:04)
> Quoting Fabian Grünbichler (2023-07-12 19:53:08)
> > The feature in question is probably not a good candidate for packaging
> > though, given the lack of stability guarantees provided by upstream[0]:
> > 
> > > This module is unstable and breaking changes may be made at any time.
> > > See the tracking issue for more details.
> > 
> > The referenced tracking issue can be found here[1].
> > 
> > While the required crates (multiple ones from sval-rs/value-bag) are
> > being packaged (mostly done, pending a re-upload to NEW and review
> > there), I wonder whether enabling the feature was not a
> > mistake/premature in the first place.
> > 
> > I did a quick test with ratt with the attached diff applied, and except
> > for rust-sequoia-net (which fails for other reasons which are already
> > fixed in experimental and just need a re-upload of the version there to
> > unstable), building at least worked fine. I am not too familiar with
> > either async-std, nor the kv feature of log to say whether this approach
> > would be feasible - I'd be happy to hear your thoughts though! IMHO
> > keeping this unstable aspect out of the archive for the time being would
> > save us all from periodic breakage, with log itself (without the KV
> > feature) being rather widely used.
> 
> Makes sense.
> 
> I will go through those of the reverse dependencies that I am involved
> in maintaining, to see if th unstable feature can be avoided - and might
> reach out for help if I cannot figure it out on my own.

While I appreciate your suggested patch for rust-async-std, the main
obstacle to getting rid of the feature seems to not be rust-async-std
but instead rust-kv-log-macro which has 19 reverse dependencies:

aardvark-dns
rust-ahash
rust-ahash-0.7
rust-ashpd
rust-async-attributes
rust-async-std
rust-async-std-resolver
rust-async-tar
rust-erbium
rust-femme
rust-flume
rust-futures-timer
rust-oxilangtag
rust-oxiri
rust-rustls
rust-sequoia-net
rust-trust-dns-client
rust-trust-dns-resolver
rust-trust-dns-server

I am not happy to create Debian-specific patches to somehow replace
rust-kv-log-macro, and even if you were kind enough to initially create
such patches there is still the headache of maintaining them.

If the feature in rust-log really is considered too unstable for use in
Debian, then it seems to me that we need to convince upstream projects
to acknowledge that and themselves avoid the feature.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1040837: [Pkg-rust-maintainers] Bug#1040837: rust-log: breaks API without coordination

[Jonas Smedegaard]

Hi Fabian,

Quoting Fabian Grünbichler (2023-07-12 19:53:08)
> On Tue, Jul 11, 2023 at 01:47:53PM +0200, Jonas Smedegaard wrote:
> > rust-log 0.4.19-2 apparently removed upstream feature kv_unstable
> > (according to inspection of source of that packaging release -
> > related changelog entry does not mention that feature).
> > 
> > This change to upstream API was done without coordination with
> > reverse dependencies, and breaks at least librust-async-std-dev
> > and its 17 reverse dependencies.
> > 
> > Yes, I am aware that changelog entry indicates this being a temporary
> > change, pending packages lingering in NEW queue.  Please don't release
> > breaking changes without prior coordination with reverse dependencies
> > (e.g. the changes that cause bug#1040702), and in cases that is not
> > possible (e.g. when accidentally ending at bug#1040702) then please
> > notify reverse dependencies e.g. using a bugreport with tag "affects".
> 
> This was by mistake, and not on purpose.

Understood.


> The feature in question is probably not a good candidate for packaging
> though, given the lack of stability guarantees provided by upstream[0]:
> 
> > This module is unstable and breaking changes may be made at any time.
> > See the tracking issue for more details.
> 
> The referenced tracking issue can be found here[1].
> 
> While the required crates (multiple ones from sval-rs/value-bag) are
> being packaged (mostly done, pending a re-upload to NEW and review
> there), I wonder whether enabling the feature was not a
> mistake/premature in the first place.
> 
> I did a quick test with ratt with the attached diff applied, and except
> for rust-sequoia-net (which fails for other reasons which are already
> fixed in experimental and just need a re-upload of the version there to
> unstable), building at least worked fine. I am not too familiar with
> either async-std, nor the kv feature of log to say whether this approach
> would be feasible - I'd be happy to hear your thoughts though! IMHO
> keeping this unstable aspect out of the archive for the time being would
> save us all from periodic breakage, with log itself (without the KV
> feature) being rather widely used.

Makes sense.

I will go through those of the reverse dependencies that I am involved
in maintaining, to see if th unstable feature can be avoided - and might
reach out for help if I cannot figure it out on my own.

But until succesfully circumvented in reverse dependencies, I would
(obviously) appareciate if you could continue to keep that feature
alive.

Please when you patch away features, document why more clearly than
within the changelog.  I (hopefully consistently, but might myself have
missed some) mention it in debian/TODO which gets included in binary
packages as well.


> In a slightly related note, there will be two upcoming transitions that
> will affect (rust) packages of yours (bindgen to 0.65, and toml to 0.7)
> as part of updating rust-cargo to 0.70. Would you appreciate bugs with
> patches filed before the transition starts, or do you want to handle
> those on your own? You can find some details in the (WIP) tracking
> issue[2]. bindgen should be pretty straight-forward, for toml we will
> likely opt for a period of semver-suffixing since the versions do have
> breaking changes where breakage is not detected at compile time.

Thanks for the warning (and for doing those upgrades - much
appreciated!).

Yes, please generally file bugreports ahead of time against (or
"affects" tags towards) reverse dependencies - it is not only for me,
but also for public transparency that we promise as part of our "we
won't hide problems" attitude in Debian.

Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1040837: rust-log: breaks API without coordination

[Jonas Smedegaard]

Source: rust-log
Version: 0.4.19-2
Severity: serious

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

rust-log 0.4.19-2 apparently removed upstream feature kv_unstable
(according to inspection of source of that packaging release -
related changelog entry does not mention that feature).

This change to upstream API was done without coordination with
reverse dependencies, and breaks at least librust-async-std-dev
and its 17 reverse dependencies.

Yes, I am aware that changelog entry indicates this being a temporary
change, pending packages lingering in NEW queue.  Please don't release
breaking changes without prior coordination with reverse dependencies
(e.g. the changes that cause bug#1040702), and in cases that is not
possible (e.g. when accidentally ending at bug#1040702) then please
notify reverse dependencies e.g. using a bugreport with tag "affects".

 - Jonas
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmStQWYACgkQLHwxRsGg
ASFQmA//T7YBt6K57PjQQprhCL1uVl18wnVPVoTis4B+V7C3ZBDTOn4t+vKLegEt
yYLSZl5jr/+3W+eBxhYhgcT+VQifmh/BnDwjPP/EaQ5ggbWgX2wJf5SE0LFiCoRc
l6gRIwaLz6faIp0otVR2wBjO5oaWZ51JtTJ2Lu3UnnLyV/s8xHMg+KytA0JGJp2f
z2vsA/DIAzYVlQ4bimACZKnvVhiIfnqa1XoKvyVq1iR0zvWVs3okNZmyABhVHKJD
R6CGJx+mGoXZ8AaTQfItT2IIZWWJOu4NqORa0X7KZ4PQKBoC96+GnfY400v1Udb4
NcgQFWZWkWoxjL9h+9crfIANYiPKQ0nDLpwymt1W6SsnIUpiZjFDAJHw6bAsWcES
A+e7BF1fI/XaTKf7GI6Co3zuApnuhf1ILFUmRLt8ZBasP2li1kc3XEE3KfaLjfCE
eR0UaWxN1ZwX8SbipI8Dq7A6W1hKlHEBbtro2/6VUZQBp4g69C537BCigwo35d2c
J5hk3D8+24Fs/I6zA/6rMzveo/cU+fCC5iXccnBOXG+J0cgJqwz2AgETnpM0aJs8
8Gn7DFwOANYdDu9s6xXTfnRggG8e1+pJ4yiJJHKhF4TCwU5aDfmWOZRwk3Zi8xTZ
06h4fB4Iuz7mzFHn13W5PaiSXsJAMicEFleSCy/m58hSgzNh5RE=
=ny+x
-END PGP SIGNATURE-

Bug#1040835: librust-async-std-dev: impossible to install: missing dependency librust-log-0.4+kv-unstable-dev

[Jonas Smedegaard]

Package: librust-async-std-dev
Version: 1.12.0-12
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

As subject says, package depends on missing package 
librust-log-0.4+kv-unstable-dev

 - Jonas
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmStOnoACgkQLHwxRsGg
ASH1DQ/+Jee7Qjc9WF+0rPtbh/0+GciU/3CqbOku9qRoeNgVdppXD/S3EYKJ6n50
2Ioyxfa8Wgd0OXiEvFVZAWrOx3VmdxoyvjJ0aA7SJ9M1X84+rlBSbdPP/39HO4N1
/nyBZzeOC8w84XmhgP3/c0ADzELeNGR/gzfFX/IrfhebHCaAtAuV2YwB0T7EPs0U
M3frzzS99E/yx8R/w3kCgUVjxQ4gQzW3G66vnD9GeMArulGlQ3jhtotbtCITegit
6XKjvDeYKzydFiLd0wDaDOnabfADI7inMhL36qBbenDavAQFkRvq6ud5eh1zRpu7
DZ3zvAbwFVIm3/bfZW3FD0Ex5rNfL504BYtglvFZphP7kVNKyzUuLViVuiyIDuWO
Knw0PnZNQsCpO3rfQmIGnTQfUtyeJbC+xkPz9vDF6/2mDp4P8c0TpnStpE9j7RRM
buubJTfEicjJSRIAmJXcGJIUcdIkSxSQKb9ieEgwC3gWitK/do1rLtOcH25NCGXx
JJJ6u2UnfY6utmXYgICRfmX1oQuLVXNLPoU4UhPNYUVs4HnjwIVNoJL3RkZ5dAoX
4EYBDjlhKCbMVqwqzMSpkaDdEKqVXGykiuB+dhudU3Q3LaUgklsVfQ8Ctwywfh61
roHpIFU8x0kocZp3GIP4jdgXW74j46CQRor2RKVepUakQ7BJO0Q=
=2KAX
-END PGP SIGNATURE-

Bug#1040702: impossible to install: depends on missing packages

[Jonas Smedegaard]

Package: librust-log-dev
Version: 0.4.19-1
Severity: grave

depends on several unavailable packages.

 - Jonas

Bug#1039939: librust-wyz-dev: impossible to install

[Jonas Smedegaard]

Quoting Jeremy Bícha (2023-06-29 21:48:18)
> Control: tags -1 pending
> 
> rust-typemap, the required dependency is awaiting review in the NEW queue.
> 
> https://ftp-master.debian.org/new/rust-typemap_0.3.3-1.html
> 
> By the way, have you seen this report? Hovering over the architecture
> provides a guess as to what dependency is missing.

Thanks for these status reports, they are helpful.

No, I did not trace the dependency tree to try second-guess *why* the
package got broken.

What I generally do is a) double-check that indeed the package it
completely impossible to install, then b) silently curse the Rust team
for flagging all autopkgtests as "skip-not-installable" so that this
class of bugs require manual reporting, then c) check if the package is
already lingering in NEW, and finally d) file a bugreport.

Sometimes I skip c), partly out of frustration as per b), and partly
because the bug is still a bug when in the process of getting fixed.

Kind regards,


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1039939: librust-wyz-dev: impossible to install

[Jonas Smedegaard]

Package: librust-wyz-dev
Version: 0.5.1-1+b1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Package is impossible to install due to missing dependencies.

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmSdyl4ACgkQLHwxRsGg
ASFjrw/9FbzNM6Hw+bYWxv8tn1pJcySdZCNt5L/B9WQB1OnHDKd2xj2OKnIeSuHM
Ubg99PekvUzIVVQ1Ae0iRG/x553fCxp5FloPssJegS7+XBGbmSlVcCfaEbsEzTFq
U9DR3dNS46pbJR0ZBIbUjY9lI7E6AMDRRB+tx6eakHMoIZUIQD3JJ+GqGclzKK3l
sJ0MCRsI/twY6Ye7oCpEIolGAv5zHbI53BIeVf7Ke2YyXRYKc0VopjlYdp8bLTSi
Ju7RDrk9qH4RQmYYng9MGrUGDfPfJnZwCfMLIxWcE+/8iNYEzEKhXZfWDPYUzl0P
RkJA0m1H62+dWmiUh++scTmtZ9XZYHrhPpk7iYmn76X96Fn78MA6rdYbHlOWDoaT
Tym1MV0r5Cs/Fm2hkIUggTiGDW8Q+uJgy9HtjfBRT8EBf2rlywIyTarh6yPIZHo6
c2qqpOEN17/UjQ2AjBeq87t+TReh+amVhexUwlMIJVkzU0N08oZG2LkV6Xks5q+S
a929Oy1aBljX7Nqiqthkkaoic2f6G0iQK6nLigTSAFkXusQURzFYihorzD9XyMPc
RjwdGP1qy7iwVuBr8Sdf/zHKirngf4hfmiuHDG16aOmyUCUu+Pf6P1QadkWWPJvp
vSfroGuBOSUEWqXglEYyPZqYDi+RUZ1cbIIii4m3Q7GctM/GVJI=
=goP6
-END PGP SIGNATURE-

Bug#1039938: librust-aes-dev: impossible to install

[Jonas Smedegaard]

Package: librust-aes-dev
Version: 0.6.0-1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Package is impossible to install due to missing dependencies.

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmSdyg4ACgkQLHwxRsGg
ASGVAw/8CPJJ9/qVnPjc+/4jeZWAp696radIMoRpfbrzOImD9LH095qw9njA6SE6
Q1b0i8wDxv6hJQIbqpFGtEuayGdk9+du65u+BiDPvsY4ImvqHIOub1hFlBSNvl0O
IS9MRTawj3nG5e315n3WiwZSr+bEQs0WWJ8Kh/o8yyf3OIJ/guF0HuTcGNpadGg8
B8aWGnZ/iPcrUWN1UvdPnPvMk4AvimX993KPN6NcjE8KMb8xthGjv5RcZLezqQZT
D0BOvyHCtbV4XGy5c4o+IGed2hFRHeBrlVFMfENocizs7f3sJ2uKv0tF5il6d6yd
Juo4n8QUKZ5a9/3qkpOnJkh42eVzRA595mkoCEO4WE6YrXMMEyPbNk9XPZ1auviN
inyAExRJPX9H0r4L54X/9TWiww+ijbuwzVostD2ZJHTI0G+EuQBb+D5UJ7z6Ind3
QCJu1MwGiFMBsNVFfYyg9VIEKfaJB7C1MJLyLDxLHJUNMFJ/CMoI3r9v5VBPe+Q0
apFp3ZsYYrvEiTdREH+FMcsHpratF8bjz580mE/0ZCj6SOUwcS1JB6j1EzqgMSst
QGI/jY5JdmAv9QAcgGFa3SYy1mWIntW6huHLDNufA8MCNYC/UcT2JlgTnd4aupKW
fBCCuzF7NNW534DKvno/zMtwyyO/uLxqLLv+B0xRo9WjjWF+yhI=
=+IqD
-END PGP SIGNATURE-

Bug#1039694: librust-iai-dev: impossible to install due to missing build-dependency

[Jonas Smedegaard]

Quoting Jeremy Bícha (2023-06-28 12:57:16)
> The required package is already in the NEW queue.

Great! Thanks.

- Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1039694: librust-iai-dev: impossible to install due to missing build-dependency

[Jonas Smedegaard]

Package: librust-iai-dev
Version: 0.1.1-1+b1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

librust-iai-dev is impossible to install, as it depends on missing package 
librust-iai-macro-0.1+default-dev.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmSb9usACgkQLHwxRsGg
ASGgVw/9F/nee7G0Iqmkb0siU/oZorrQUnxvN/Btdt6c8Jc/ldX37XfizJ1h+TOA
cnjHTGUYWnaFRF22iz5Na5ZjjwofhRwgRD107FsX/ZGTm16QfU8RUriqXMrxxyMP
AkC/hr+hlmESEWcapmT++i/VBu+HdEb/reJ2Y+CQ7OXUl4dDtORlRmbLA+ObW8aF
917lE0SWv70iYOQV+j/lYgD/X4FR0+i+j/6KmVEa+dJCbAufGBd41z+J/2Ol2ZKw
9OgrUhKVJ0gi6noO6ujl8yokM3l+lRfxa7+rYhueLwojBEwibDz5f6zn69emxoy6
a9O/Ny64FNPiL8DLxFSMrgZ3bEavW4JMCbL10so2L0ppf5L8dhe59uKNqrIFLj2W
teaWDilrSqMqMLjA5f+Yo0Dz4wCgEXnrTaaNqgJixq28Aj18mZ6iNw7S4cBGt0Kr
qbpMANhaHtrPSotoCH8Lf4H/ODq7ixyWvY0da6YuyN0taB3gK3+Z66XIYZchJTKM
ORmeR71tJ7thCv2EGvHrdCcvtha3Jc+73X0Px+OfFMhWtZP+Ks4z3ec8AiAp7Upb
gAghyI/8RKybMVia7Bm8DAZFlk1KGHi8OL/jW624clE1EqTB7jUeCgBsf4RVpx3C
H3A1O5LYdxoB8wfTGBqejvwFSGsNW+g0nciJ3/Avp2in+VGE/0s=
=Jwi7
-END PGP SIGNATURE-

Bug#1039692: librust-gdk4-wayland-dev: impossible to install due to missing dependencies

[Jonas Smedegaard]

Package: librust-gdk4-wayland-dev
Version: 0.5.5-2
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

librust-gdk4-wayland-dev is impossible to install: It depends on several 
unavailable librust-* packages.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmSb8Q4ACgkQLHwxRsGg
ASFjTg//QyY7yIqTw/ouzNa56P+lsIYWUuSQ5ry2W7hzV+7k10Tf0ZLS0y7kfpGB
Lfr5U3yrpAJcsxkVI5/+xByRWLZOvvlJJDayVgIFnJ0afy3EiNtng1f1yk0F+sa5
sE+KjEMUlPnS+N6vfC2nVDai2S1AdvrMFn/rwjv4c64hhzwy2N/UQec4SYbQK8Fn
2kc827FLm/03aSo90hPK8E7irJjsNQwuIz3uxHH5ctRz11/kidQoZLb0lODo0cx3
hpAxtIdk5JqnfAsomwd33z6hx+h6yO0CelPIyRGV/Z8Sg97SWdto6uLgc4wkINq/
C80XANw/PkN5KAia51zxqu5sEGakQsy8VOAPlOH2eFij2xJJ0N14rna4ZE1z1Fhj
GvLtZEt/WmHs5REteVsn42fzCK+6DJbmkm/vG0TaWrYqmcEUdPu6QP5EGMcA5Li6
UDItVksVxPfwLqSx0ngMlmEkLkPMVudPBHy7b6EyU4CUdI38BggqoNbkmnKXOuUM
pK8kGx8qsbQXoD5Y28XT9aN8cuCXo66/bykwmyROEud7xYG961BktuhWu6miC47J
3H4DG17LKIKSV0qj3IdCW6LBcXQYpqUppOFtK5TCoCX8mpWlKVXtB1AlfK28Manq
y4PFB6i+rGkdPwl8SQCzfp3SVwNNuHeToZPc0MiVNEYLRV0XSPA=
=d0kW
-END PGP SIGNATURE-

Bug#1038873: rust-shellexpand: copyright file not in machine-readable format

[Jonas Smedegaard]

Source: rust-shellexpand
Version: 2.1.0-1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The debian/copyright file is not in machine-readable format.

Normally that is a low priority issue, but apparently debcargo fails its
call to dh-cargo-built-using in that case, so raising severity.

Probably the reason for the failure is that the file lacks a header
section.

Another issue which I suspect is not the cause for failure but nice to
correct anyway, is that each copyright holder should be indented - i.e.
two spaces left of each copyright holder.

 - Jonas
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmSUMEYACgkQLHwxRsGg
ASFGaA/7BWNHvay/0qB73G0DhfWvd75RDZ3XJNELLFDCqsp9IJ9Du5/lO7keoPx1
XtC0WczXP3V0iurbqONCpX+Y7tw30pwzgT1fpx75RfH2Z4IaYs9eqwGq1zYbJdp4
n9v00pjbtxBSu79Bp1E2kVf+UEWVX09b6br7SDWAsweOaN4qQTQMO87OmzGXREnW
5rYLE1JDueij7zUV4rkY726u6pfXDsO9P4J6TnjsDQjIjMKRdaRluicyH7AhEed1
QMEOBiKsTc899Nly+O3C9eofOTuGG+uJsEd3WhJmLYK9yyfZPU86FyQv7Mb2BXAx
jfm8Z5oenprs7UcU45iWHprK6dKFxrz4knUDI9/hZHczKcza3Y9UAWDxuJZ10AUJ
LIxABdblnkX3KqZ4HPL2oUUSO01zRJCsKPwQgIvMsNddhd7AHMhinxFyTqtHS2v2
d7kwgp/Jq6AZFw+nFiLAj/XYP+abZYBytlOoL2646DmoLD7yP3gAtlHYMDEkJpHk
l9RH8g6054j5Adc408300i+ssDNNCCLz/L7P41/cv2zhaKlH3h4fvpHL/+SSjHnX
Vqy6FBPSwLVsiZZufANUrJCXgS7IZ289VxeBK8JH0MQ2bQ6/oYaPHgRkGvyvdYwy
cl+iqlgBNdqIA02358rHrZEBvGnkFGnprAL4cxcSMFROUF6NJf0=
=PH3x
-END PGP SIGNATURE-

Bug#1038756: librust-zbus-dev: impossible to install: depends on missing librust-quick-xml-0.26-dev

[Jonas Smedegaard]

Package: librust-zbus-dev
Version: 3.12.0-2
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The package depends on librust-quick-xml-0.26 which is gone.

 - Jonas
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmSSHhsACgkQLHwxRsGg
ASGMhQ//c542ccb2CiKa1t60dmlpXTHy5hQ9QzqKDmFbTlvku4qJfwnnUp1QPyTH
iwU5CVvNFWRdexTxDnyqCIOts4lTlMv59eOeWJq2mMT9ZnWOtfv2j9glarISS3fs
xhbWYxowDv1nuASYS2WvBN8LGcBi4yIN7mdx7AzitXaLhkHfHy1puoshpZcQjrZc
SE4ZK9XBXyeIPwNm9Yr5nBkdIOzajdFcymVSypIyOqqMJ+rg0jDGy+7YtVKcd0Bq
m/0Q45gg8JwnzhqJkm1+vlTIpMzYnE/QYrQWJ2tt+NxQB8GjLjH6UHQfMfbJ4njV
RrdH26cESFxBOy7X30dxhMR3otiX1tRHfFewfctwHadbvE38eRF9+nH0NRrKXoS2
BvlSRim0UbchiMYPHdO2WZUQpup12+WrGA6pACT4BftqO++wlWIifN/bqVBolpK2
JYUNpOFfuWMiGjm005U97o0Jewij7YDZRVPOzElBl9xcR048XPhyPC4ReUnR3BNY
kBeTqLzSSkNCrMh6dZ7rq5jHVaEFoxx7RYBZe/gDyYCsmUE9c4xKUz2CIsXFqEIv
vqfTsXKs/5M/RnqDWr4WF4plC/glwluSVpbyr8uzS87rNnleqJW8h1Y2S13UQojJ
81SkxBP6Z9mP38diurUZx61uaahDrz0kKX+ryIOdSiIvwwfJiJ0=
=29YD
-END PGP SIGNATURE-

Bug#1037977: rust-ureq - update for base64 0.21

[Jonas Smedegaard]

Quoting Peter Green (2023-06-15 06:35:02)
> rust-base64 was recently updated to 0.21 making rust-ureq unbuildable and 
> uninstallable.
> 
> Upstream already has a fix, I grabbed it and added it to the Debian package 
> and it
> built and passed autopkgtests fine.
> 
> Debdiff attached, I may or may not NMU this later.

Thanks for the report.

Instead of using the provided patch, I have prepared an upgrade to
newest upstream release which includes this change.

Unfortunately I am not yet able to build that, due to base64 upgrade
also affecting rust-rustls-pemfile and rust-cookie - which you already
know and have dealt with earlier today.

In future, I recommend to more cautiously release backwards-incompatible
package upgrades: First release to experimental as a NEW package, then
when approved by ftpmasters re-release to unstable, then when no longer
wanting to maintain the older branch) file RC bugs against all reverse
dependencies of the older package, and when none of those are in testing
(which happens automatically after some time for packages with RC bugs)
request removal from testing of the old package, and then later from
unstable as well.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1037415: librust-grep-printer-dev: impossible to install: depends on gone package librust-base64-0.13+default-dev

[Jonas Smedegaard]

Package: librust-grep-printer-dev
Version: 0.1.6-1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

librust-grep-printer-dev depends on librust-base64-0.13+default-dev which is 
gone.

 - Jonas
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmSHKHAACgkQLHwxRsGg
ASGMJRAArH4HaVhzJXG99ayt8E9iZ6NSdECmqVndJSfUFNgrjXpy7cImi394cK94
0aA3yq8MdcMYh23gJEcW975YU7cjKT8WFHKsGvkYUZ51RDbEKAJly6tGp+mMHKA6
k2MGNJNejJlyNEL7Zd62Mq3wNUD//mz4aYn75MPkF3ucgSkw3l7/rh+jHbrLwiUu
mXFRt0ZJkTR93UmpNcZDYmfjmaZ6/IFQ1sOwaCjZkP4NtPBtc4W97bdBNtcypNMr
WiuPtTpUDArauX/MGu4v4KiY+EZa7AYdfdzqRHXkolH3nHOrjOL8QDwWdXXjBQ2V
iuoaFIrQPUHNx1l93rotFUQYCuIabszdTutIuZgRTOxCgnsmqg88JqIifqFK8RHj
zf7/LdahBDP8G0VV72LgB+VrLIT4nJNZNYciATKMnMn5zh9ref1FIOlfEio0KVgJ
9NrrwD9PPujEVVTe55b0lIKd24O57qs4SF5o51skLEshAqDS7ymCL95zWv/mPC76
yOgZhdW6ttfWgmrmLLqNiCgPJ9l6ydLzprU+dHyBx1hqo3iFVsvsAoLzseZdVWAM
nO7Tfo1x4cuVTb62AC0hFja05/b4HkuP6+bwVX6AHllvlKu7Uo601HUtHbFzhVmT
4htlWV+7Wp8qeE95IWZkYxWJXyXSe2xXLG8QRb1wOJGqCZL/JtE=
=3JpT
-END PGP SIGNATURE-

Bug#1031046: Asterisk removed from Debian Bookworm

[Jonas Smedegaard]

Hi Antony,

Quoting Antony Stone (2023-05-26 16:58:54)
> I've just discovered this "bug report" and I'm very disappointed by it.
> 
> Please can someone tell me:
> 
> 1. How many people are involved as Asterisk Debian Package Maintainers?

Asterisk is maintained in the [VoIP team], and in principle anyone in
that team can contribute directly to the git repo of asterisk packaging
(and also most of the approximately 1000 formal Debian Developers has
write access to the git repo as well, but will only do so for simpler
quickfixes - anyone generally interested in Asterisk maintenance is
expected to join the team).

In reality, however, not everyone in our team are familiar with all of
the packages we maintain together.  In recent times, all [releases] of
Asterisk since 16.16.1~dfsg+~2.10-1 in January 2021 was issued by me,
and before that Bernhard Schmidt (almost) solely maintained Asterisk
packaging since 13.20.0~dfsg-1 in April 2018.

Unfortunately [Bernhard cannot grasp] how I embed PJProject, and I
cannot grasp how he did it previously.  Effectively, Asterisk has had a
single maintainer for the past 5 years.

[VoIP team]: https://salsa.debian.org/groups/pkg-voip-team/-/group_members

[releases]: https://tracker.debian.org/pkg/asterisk/news/

[Bernhard cannot handle]: https://bugs.debian.org/1014133#25


> 2. Has this number decreased noticeably since the previous Debian release 
> Bullseye?

Asterisk packaging in Debia has had a low bus factor for quite some
time.


> 3. Has anyone contacted the Asterisk community (for example via 
> https://community.asterisk.org ) to see whether additional volunteers would 
> be 
> willing to help with the effort involved in keeping Asterisk in the Debian 
> project?

No, I haven't done any recruitment work, and neither has anyone else -
to the best of my knowledge.

If you are volunteering to either help yourself or to try do some
recrutiment, then that's much appreciated.

Unfortunately it is too late now for getting Asterisk part of upcoming
stable Debian - but it is regardless helpful for the maintenance in
*unstable* and *testing* during the lifetime of upcoming stable, which
includes the ability for offering it unofficially for upcoming stable
Debian through https://backports.debian.org/


Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Bug#1031046: asterisk gone from bookworm ?

[Jonas Smedegaard]

Quoting Bogdan Veringioiu (2023-05-23 14:59:48)
> Is there any news from the asterisk maintainers regarding this?
> what are the chances that asterisk 20 will be included in bookworm ?

No chance: It was removed during freeze which means it will not be part
of Bookworm.

Sorry, requires more man power to maintain than I could muster alone :-(


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1035005: [pkg-uWSGI-devel] Bug#1035005: [PATCH] Add Replaces on uwsgi-plugin-jvm-openjdk-11 (Closes: #1035005)

[Jonas Smedegaard]

Hi James,

Quoting James Valleroy (2023-05-19 12:33:50)
> tags 1035005 patch
> thanks
> 
> The attached patch fixes this issue. I tested by unpacking the package into a 
> Debian bullseye VM where uwsgi-plugin-jvm-openjdk-11 was already installed.

Thanks a lot.

You are quite welcome to release this as a 0-day NMU.

Otherwise I will try to find time for it (I am currently studying and in
exam season, so pretty busy...)

Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private