Mathias Gibbens <gibmat@debian.org> writes: > On Mon, 2025-03-17 at 23:41 +0100, Simon Josefsson wrote: >> We now have the maintained fork in Debian: >> >> https://tracker.debian.org/pkg/golang-github-smallstep-pkcs7 > > Thanks! > >> I think all packages below could be migrate to it. Upstream seems >> supportive to make that happen. >> >> But I'm not sure it is a good idea to start on this now... we are >> getting closer to the release. Thoughts? I worry that if we are not >> able to make all uses go away, then we are almost worse off than before. >> So maybe we should just fix the RC bugs in those two unmaintained >> packages. > > At least in my mind, I would consider that a transition, and so > inappropriate at this point in the trixie freeze[1]. While potentially > not as tricky/problematic as a .so library migration, it would still > require updating various other golang packages to take advantage of the > change. With the soft freeze starting in just under a month, I would > suggest focusing on a minimal fix for the RC bugs, then maybe > coordinating with the Release Team if you think there would be > sufficient time to switch the existing packages to use this new one. I agree -- let's fix the RC bugs, and file issues to get upstream's to use the new project and it should eventually trickle down into Debian later on. I suppose golang-github-smallstep-pkcs7 could add new virtual packages golang-github-digitorus-pkcs7-dev and golang-github-fullsailor-pkcs7-dev and things would just work though? But I agree this smells like a transition regardless. I wonder how to fix this for trixie+1 though, I don't think all upstreams will make the switch and we would want to reduce the number of forks here. The Provides: approach could work. /Simon
Attachment:
signature.asc
Description: PGP signature