Re: rust-aes update?
On 23/01/2023 09:46, Timo Aaltonen wrote:
Hi
I noticed you've updated rust-aes on debcargo to 0.8.2
Well all I did was update the packaging for the current debcargo,
it was Noctis who introduced the update to 0.8.2.
>, but didn't
> finish it yet. Is there anything blocking that?
There seem to be a few issues.
Firstly there are direct reverse dependencies, rust-zip and rust-secret-service.
Both currently depend upstream on version 0.7 of aes. There is a pull request
from Blair Noctis updating secret-service but it adds a dependency on the new
package cbc which is not yet in Debian.
There don't seem to be any proposed fixes/updates for rust-zip.
Then there is the fact that the new version of aes depends on a new version
of cipher. Reverse dependencies of this include
* rust-aes-soft and rust-aes-ctr, I think these should probablly be removed
when aes is updated.
* rust-block-modes, this is deprecated upstream, the only reverse dependency
in debian is secret-service. The PR submitted by noctis to update secret-service
to the new aes also gets rid of the dependency on block-modes so block-modes
should also probablly be removed as part of this update
The new version of rust-cipher also has a dependency on rust-inout which is
not currently in Debian.
And then there is the fact that we are supposed to be in a transition freeze at
the moment. I think an update of this complexity certainly counts as a transition.
I would suggest that if you want to update aes you work with Noctis to do so
in experimental. It can then be uploaded to unstable after the bookworm
release.
> I've uploaded a new fernet and it depends on 0.8, so it's currently uninstallable :)
Depending on what you need the fernet crate for it might be an option
to patch out the "rustcrypto" feature and it's associated optional
(in the rust sense) dependencies.
Reply to: