severity 103 normal
retitle 103 rust-encoding is unmaintained upstream
severity 104 normal
retitle 104 rust-boxfnonce is unmaintained upstream
severity 105 normal
retitle 105 rust-const-cstr is unmaintained upstream
(summarising several bugs)
there is https://rustsec.org/advisories/RUSTSEC-{advisory}.html which flags
that rust-{crate} is unmaintained. Since there are no reverse deps in the
archive, let's exclude it from bookworm (or rather remove rightaway)?
I don't know what tool you are using to check for reverse dependencies but
whatever it is does not seem to take account of virtual packages correctly.
(unfortunately I don't know of one that does, I personally resort to
grepping the packages/sources files which works but does produce some
false positives). Some other rust team members use list-rdeps.sh in the
debcargo-conf repository but that only seems to take account of packages
packaged through debcargo.
plugwash@coccia:~$ zcat
/srv/ftp.debian.org/mirror/dists/sid/main/source/Sources.gz
/srv/ftp.debian.org/mirror/dists/sid/main/binary-amd64/Packages.gz | grep -v
Testsuite-Triggers | grep-dctrl rust-encoding-0.2 -spackage
Package: rust-bat
Package: rust-gettext
Package: librust-bat-dev
Package: librust-encoding-dev
Package: librust-gettext-dev
Package: librust-tendril+encoding-dev
plugwash@coccia:~$ zcat
/srv/ftp.debian.org/mirror/dists/sid/main/source/Sources.gz
/srv/ftp.debian.org/mirror/dists/sid/main/binary-amd64/Packages.gz | grep -v
Testsuite-Triggers | grep-dctrl rust-boxfnonce -spackage
Package: rust-boxfnonce
Package: rust-daemonize
Package: librust-boxfnonce-dev
Package: librust-daemonize-dev
Package: sccache
plugwash@coccia:~$ zcat
/srv/ftp.debian.org/mirror/dists/sid/main/source/Sources.gz
/srv/ftp.debian.org/mirror/dists/sid/main/binary-amd64/Packages.gz | grep -v
Testsuite-Triggers | grep-dctrl rust-const-cstr -spackage
Package: rust-const-cstr
Package: rust-yeslogic-fontconfig-sys
Package: librust-const-cstr-dev
Package: librust-yeslogic-fontconfig-sys-dev
plugwash@coccia:~$
While I agree it's good to move away from crates that are abandoned upstream,
I think it's too late to do so for bookworm and I don't think any of these
crates are sensitive enough to consider such maintenance issues as rc.
daemonize has already moved away from boxfnonce upstream, and the latest
upstream git source for sccache has moved to the new version of daemonize
so this should be a fairly easy fix, but still probablly too instrusive
for the current stage in the release process.
I've filed upstream issies for the other two
https://github.com/yeslogic/fontconfig-rs/issues/35
https://github.com/sharkdp/bat/issues/2512
