Bug#907135: [Box Backup] Debian now requires 2048bit RSA keys

To: Reinhard Tartler <siretart@gmail.com>

Cc: Chris Wilson <chris+google@qwirx.com>, Box Backup <boxbackup@boxbackup.org>, 907135@bugs.debian.org

Subject: Bug#907135: [Box Backup] Debian now requires 2048bit RSA keys

From: Chris Wilson <chris@simply-italian.co.uk>

Date: Sun, 9 Jun 2019 22:29:30 +0100

Message-id: <[🔎] 35C20C31-B2B9-4F6C-BE46-8592F7AFCABB@simply-italian.co.uk>

Reply-to: Chris Wilson <chris@simply-italian.co.uk>, 907135@bugs.debian.org

In-reply-to: <[🔎] CAJ0cceYj=ywUHA1RZHfNTxR2oSc=Jfzde9-rPc9O_YJufNt-UQ@mail.gmail.com>

References: <CAJ0cceZeyTQchRgmuD_+oT4bAXxawGJwYfTcXF3fgtUdauK0Zg@mail.gmail.com> <CAOg7f83Kx7CzaHQeOfebQm_CgYn9pncbtF7GJrZiXnMR1QnMKQ@mail.gmail.com> <CAJ0cceZT+bO=eocQBz3w9jKiH9mzFF6=9nVV1hH111zZD0A3Jg@mail.gmail.com> <CAOg7f82=L4roj72-5h_MX8v5ek3emT2H08f3V0q7cag19XPXJg@mail.gmail.com> <CAJ0cceZinrGBwKcqJjjorN_yaRNg2MJUW0u69gEzsvQH0-JUwA@mail.gmail.com> <CAOg7f80ECWfpHGm6Rau1-9SLZ2vOZyEJnCKGFD8+bZLEXrmdqw@mail.gmail.com> <CAJ0cceZPdn-DNrzAwKttN-z+rymOa7bbqk_9hMPtq-ixP5nfSw@mail.gmail.com> <CAOg7f82fx8_Z7uXxRW8RowJfecu24asksHNHG4-KXj6qYOVnPQ@mail.gmail.com> <CAJ0ccea9brbK+dExkCr-aDDLAhVN9VXzgp9UM-KzcFEfAvLqCQ@mail.gmail.com> <[🔎] CAOg7f80Qwwv74w5LdodK9R9cf=mdSogTgB7b+9PM2WF+tOujiQ@mail.gmail.com> <[🔎] CAJ0cceYj=ywUHA1RZHfNTxR2oSc=Jfzde9-rPc9O_YJufNt-UQ@mail.gmail.com> <153509781359.14425.9739764818059750522.reportbug@localhost>

Hi all,

It seems a bit egregious to kick out packages that were broken by a minor version upgrade in one of their dependencies (which after all is not supposed to break anything), without any warning, let alone time to fix such a complex issue properly.

I hope that Debian will consider carefully whether this course of action was really in the best interests of its users.

Thanks, Chris.

Sent from my iPhone

On 7 Jun 2019, at 22:26, Reinhard Tartler <siretart@gmail.com> wrote:

On Wed, Jun 5, 2019 at 7:46 PM Chris Wilson <chris+google@qwirx.com> wrote:
Hi Reinhard,

Could you have a look at this patch (documented here) to see if it's something like what you were hoping for?

Hi Chris,

I've uploaded this patch now to unstable, looks good, thanks for the patch. It is still about 80k big, thoguh :-( - quite a lot to review manually. Most of it is actually test code though!

Unfortunately, I have bad news. I totally missed that boxbackup has already been removed on 23 Sep 2018: https://tracker.debian.org/news/989096/boxbackup-removed-from-testing/
That's a bummer, because the freeze guidelines rule out migration of packages that aren't part of testing since beginning of February (cf. https://release.debian.org/buster/freeze_policy.html).

Sorry about that, that's totally on me, I should have been more vocal about this end of last year and totally dropped the ball here.

I guess we'll have to go the backports route then.

Best,
-rt
--
regards,
Reinhard

Reply to: