Is a self-contained upgrade considered large/disruptive? (was Re: Bug#1102599: rust-tonic: please upgrade to 0.13 with upcoming upgrade of rust-prost 0.13)

To: debian-release@lists.debian.org
Cc: Jonas Smedegaard <jonas@jones.dk>, 1102599@bugs.debian.org
Subject: Is a self-contained upgrade considered large/disruptive? (was Re: Bug#1102599: rust-tonic: please upgrade to 0.13 with upcoming upgrade of rust-prost 0.13)
From: Blair Noctis <ncts@debian.org>
Date: Fri, 11 Apr 2025 23:14:01 +0800
Message-id: <[🔎] bd248624-a40a-4ff2-84cf-dd1c2e2d30da@debian.org>
In-reply-to: <174431425705.670356.16008986300162336803@cairon.jones.dk>
References: <248434c9-2f25-4d02-a4d1-fd7137a71878@debian.org> <174431425705.670356.16008986300162336803@cairon.jones.dk>

Dear RT,

(Please consider this specific issue low priority,
but I think it's useful to clarify a general question.)

On 11/04/2025 03:44, Jonas Smedegaard wrote:

Quoting Blair Noctis (2025-04-10 21:26:26)

I'm about to upgrade the prost family from 0.12 to 0.13.


That sounds like a "large or disruptive changes to unstable" which the
release team as explicitly stated is not ok during freeze, so please
refrain from doing that, or if needed then please ask the release team
for an exception.


The affected packages are:

prost family, target of this upgrade:

- rust-prost-build
- rust-prost-types
- rust-prost
- rust-prost-derive

Dependents:

- rust-parsec-service
- rust-parsec-interface
- rust-pprof
- rust-tonic
- rust-axum
- rust-cast-sender
- rust-prometheus-client
- netavark
- gnome-authenticator

I have prepared all of them for this upgrade.
All build and pass tests.

I regret to have not noticed this chance and prepared earlier.
But:
I argue this is not "disruptive":
Updates of the prost family only affect listed dependents.
Updates of said dependents don't introduce breaking changes.
The whole upgrade is self-contained and does not "leak" to other packages.
Also not "large":
All considered, the "blast radius" is 13 packages.
This is fairly small IMO.
All rust-* packages besides rust-tonic and rust-axum are maintained in the Rust team,
of which I'm a member, thus in the position to handle.
In rust-tonic and rust-axum,
maintained by Jonas whose words are quoted above,
the former received a prepared upgrade for the former (#1102599, this bug),
and the latter requires only a version bump (#1102597).
netavark is maintained by Reinhard Tartler (siretart),
and gnome-authenticator by Jeremy Bícha (jbicha),
both also requiring only a version bump,
and both gave approval (netavark #1102598, g-a on IRC).
This is a fairly small circle.

So:
If all packages affected are handled ("self-contained"),
the blast radius is rather small,
and I have the go from all affected maintainers,
is it still considered large/disruptive?

Thanks.

Btw, when asked on IRC,
Ramacher said it depends on the size of debdiffs,
so here they are:
https://people.debian.org/~ncts/rust-prost-0.13-affected-debdiffs/
(Cargo.lock stripped as it's basically dead weight)

--
‌    ,Sdrager
Blair Noctis

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Is a self-contained upgrade considered large/disruptive? (was Re: Bug#1102599: rust-tonic: please upgrade to 0.13 with upcoming upgrade of rust-prost 0.13)
  - From: Paul Gevers <elbrus@debian.org>

Prev by Date: Re: Requesting approval to upload debianutils
Next by Date: Processed: unblock: rustc/1.85.0+dfsg2-3
Previous by thread: Bug#1102630: bookworm-pu: package debian-archive-keyring/2023.3+deb12u2
Next by thread: Re: Is a self-contained upgrade considered large/disruptive? (was Re: Bug#1102599: rust-tonic: please upgrade to 0.13 with upcoming upgrade of rust-prost 0.13)
Index(es):
- Date
- Thread