All, For some reasons I had a look at the golang-ed25519-dev package in Debian and wanted to understand who used it (since it is obsolete), and noticed that 'riseup-vpn' referred to it in Build-Depends but at some upstream release it must have stopped using it. There seems to be no references to that library namespace in the latest current release. So rebuilding the package without that Build-Depends works fine, and I did an upload of 'riseup-vpn' to reduce the number of build-depends of golang-ed25519-dev. However this seems like a generic problem, and I worry that there is a large number of no longer necessary Build-Depends for Go packages. Is that the case? Thoughts? Are there any tools or linters to discover possibly no longer relevant Build-Depends for Go packages? Any thoughts on how one could be created? It could be a lintian plugin, so every packager will notice it, but maybe it is too difficult to write one for lintian. A salsa pipeline job is another idea. I don't recall seeing this concern discussed in the go packaging team documentations, but pointers welcome. /Simon
Attachment:
signature.asc
Description: PGP signature