On Mon, 2025-03-17 at 23:41 +0100, Simon Josefsson wrote: > We now have the maintained fork in Debian: > > https://tracker.debian.org/pkg/golang-github-smallstep-pkcs7 Thanks! > I think all packages below could be migrate to it. Upstream seems > supportive to make that happen. > > But I'm not sure it is a good idea to start on this now... we are > getting closer to the release. Thoughts? I worry that if we are not > able to make all uses go away, then we are almost worse off than before. > So maybe we should just fix the RC bugs in those two unmaintained > packages. At least in my mind, I would consider that a transition, and so inappropriate at this point in the trixie freeze[1]. While potentially not as tricky/problematic as a .so library migration, it would still require updating various other golang packages to take advantage of the change. With the soft freeze starting in just under a month, I would suggest focusing on a minimal fix for the RC bugs, then maybe coordinating with the Release Team if you think there would be sufficient time to switch the existing packages to use this new one. Mathias [1] -- https://release.debian.org/testing/freeze_policy.html
Attachment:
signature.asc
Description: This is a digitally signed message part