Bug#1008495: transition: tinyobjloader

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1008495: transition: tinyobjloader
From: Timo Röhling <roehling@debian.org>
Date: Sun, 27 Mar 2022 19:27:22 +0200
Message-id: <[🔎] 164840204266.149196.99370713603252836.reportbug@roehling.fkie.fraunhofer.de>
Reply-to: Timo Röhling <roehling@debian.org>, 1008495@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: transition

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear release team,

I'd like to transition tinyobjloader for its new soname. Technically,
this is a simple transition, the reverse dependencies build fine.
However, the transition is unusual as it is not an official release, so
allow me to explain my reasons.

The initial upload was with 2.0.0~rc5 around April 2020, because it was
required by Open3D at that time. Upstream assured me that a final 2.0
release would be happening in early 2021. Some development occurred
(which broke ABI backwards compatibility) and some bugs were fixed,
among them CVE-2020-28589; however, the final release never
materialized. Now, almost two years later, I find myself with an
"in-between" ABI version that is no longer .so.1 but likely not
.so.2 yet (the TODO still includes some "API polishing").

It is impossible to predict when upstream will find the time to finish
the 2.0 release, and I would like to have the bugfixes in Debian at some
point. Given that this is only a minor package with few reverse depends,
I felt it was fine to have this "in-between" transition now and the
proper one with .so.2 whenever the final release happens. Let me know
what you think.


Cheers
Timo

PS. https://release.debian.org/transitions/html/auto-tinyobjloader.html
looks good

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmJAnnYACgkQ+C8H+466
LVk67AwAo6qohyBPGDq36lxSFbEW/E6qZHNWBr239hVMGNT63DzhvRqRO4KOdt9C
xoQYSRrFXP5oQRKXh6EosmHK/uHxVNAH1IG8xyWpe7pdD6QvzKhnVGpZiKQviGEe
iixw92dqWx0R72fuBUzojqeAT1v680t+upshDYm0SlrJWZGym5emJUBs+6LRcx5o
F6l9z3teuIacHeUyt/L1J9aoWHS9GKmFyoIgZMYWFMC+D0t03osvUuikDawc3v6P
JGrDpDU9pDpLIPUwcT9R/YP8vYq12PfTJnKgWDjCCk5vOADdYbOCgpbu7GkqZFcQ
eQBpS45aULq539W+oKpuaeMtXPMkZvFkBExdlvnVmyQ5fX4V16wRyrTci7C+vrwA
VXG4TaUF2MBmO6pNnbjCASzblz7A2IJiEdMWeXjej7XA5ZZZ7bGjJe8WcTHpXG9n
yRmP7AjJvEtID6oQbTRkJeqpz8sVxyfvqLYMjqECA/pzyX2lCtXOI/Qv16g6wHyk
pWesoHlP
=rcmR
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Bug#1005135: bullseye-pu: package nvidia-graphics-drivers-tesla-470/470.103.01-1~deb11u1
Next by Date: NEW changes in stable-new
Previous by thread: Processed: tagging 1004831
Next by thread: Re: Updated Debian 10: 10.12 released
Index(es):
- Date
- Thread