Bug#1023130: matrix-synapse: embeds several Rust crates

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1023130: matrix-synapse: embeds several Rust crates
From: Jonas Smedegaard <dr@jones.dk>
Date: Sun, 30 Oct 2022 15:30:39 +0100
Message-id: <[🔎] 166714023920.2641015.16329430767132413530.reportbug@auryn.jones.dk>
Reply-to: Jonas Smedegaard <dr@jones.dk>, 1023130@bugs.debian.org

Package: rc:atrix-synapse
Version: 1.70.1-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This source package embeds 54 vendor projects (Rust crates), 25 of which
is of same version as separately packaged for Debian, and additionally
26 of which is either same major version or needed only for Windows
builds - i.e. amount of vendored projects can likely be reduced to 3.

Debian Policy §4.13 says that this vendoring should be avoided.

Please package the missing (possibly only 3) projects separately, and
reorganize this package to instead depend on separately packaged Rust
crates.


 - Jonas

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmNeiosACgkQLHwxRsGg
ASFWnw//YPMT/OSWcMZonWxCX/5DHbd6BY+O6I8OJLyJumAhy0qzAlCiNdCLXZj/
QcA51ho+23gPDhm5fpKUCQrHKY013IPsiORVnJPpZAD5L0WYY69gG3veLtrOCmZX
yClx89A4X0RyLoCjAeoYYdnv0LE0BI7DhpzcrJ16obhYyWt7lS+6v7N0LEQEKagD
muLEi4r8DNYD/Ok9sKhxk4CG/dBuYLElBkDPRkniMjHilqqME1iirYGSbwrqk/5Q
hvfBTdvHVOivWj7ywNSWWckf6Bcnx5G+m4RU+kvmMptx7sVT/RByNZBOwYCp7pCb
Ut9thDCPn7Z7IuP8PKmHhI8y792cTW7EJ/y1B2+YJEtDMscjgmFWF+i080OHQr9m
xD6J2i11tNUQ+pYRb4qx1cV26+GzNaaqyr1YCcRQK23kG4ouz3iVhPIqD8dBrAbY
YvqRUShgOICRcyfpPWuJiwO5dhI9BNoo4rtb3QkvjuiCf8msNKik9li/Cs86YhSs
fYe29UN4OhDRJ3d+EMhHo+YrxKFZRMEhoAodXRjsENr0BsS91G3Wf24irI2xjedB
GpUYBEROM/eniSePJTyB6a4+1DdiCLVZtixKg2GpmikB6qjUfEaHfvHR/zp1ImEY
rcoigN5P9dr5K8nauRDC3sda1TlQcPpjdaO7xdgGsQPCnp2JcRw=
=xeeq
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Processed: fixup dupli-clone
Next by Date: Processed: closing 901446
Previous by thread: Processed: fixup dupli-clone
Next by thread: Processed: closing 901446
Index(es):
- Date
- Thread