Dear rust maintainers, I should have probably contacted you earlier, but better now than latter. I think it is time to align between the rust maintainers and the release team how we (ideally you without needing our assistance) can manage the rust stack in testing (and thus in unstable). The last couple of weeks I have watched the rust uploads a bit, as I'd like thunderbird (with several CVE fixes) to migrate to testing. It has been blocked since the beginning of November due to rust dependencies that keep changing [1]. It has made me worry a bit, as it seems to point at a very strict relation between rust packages (including Build-Using) than make migration to testing difficult as they need to migrate as a together. This becomes a release risk when we get nearer to the release freeze if not managed well. I'd like to know, are you coordination your uploads such that rust packages can migrate to testing in a reasonable time frame? Are you aware of the impact your work has on high profile (with relatively high security risk) packages like thunderbird and firefox? As thunderbird should really migrate some time soon, are you aware of the missing pieces for that to happen and share that with us? If possible, can you please avoid uploading updates that can wait a bit and that interfere with the required stack? Paul [1] Now thunderbird is blocked by rust-cbindgen (last version migrated in September with uploads since October), which is blocked by rust-syn (last version migrated in July, with new uploads since August). Involved is rust-proc-macro2 (last version migrated in July, with new uploads since August (and currently triggers an autopkgtest regression)), rust-unicode-xid (which has been trying to migrate to testing since August), rust-quote (trying to migrate since August). And I may be missing others. rustc was involved at some moment, cargo was involved (and FTBFS for some time) etc...
Attachment:
signature.asc
Description: OpenPGP digital signature