On 23/01/2023 09:46, Timo Aaltonen wrote:
Hi
I noticed you've updated rust-aes on debcargo to 0.8.2
Well all I did was update the packaging for the current debcargo,
it was Noctis who introduced the update to 0.8.2.
>, but didn't
> finish it yet. Is there anything blocking that?
There seem to be a few issues.
Firstly there are direct reverse dependencies, rust-zip and
rust-secret-service.
Both currently depend upstream on version 0.7 of aes. There is a pull
request
from Blair Noctis updating secret-service but it adds a dependency on
the new
package cbc which is not yet in Debian.
There don't seem to be any proposed fixes/updates for rust-zip.
Then there is the fact that the new version of aes depends on a new version
of cipher. Reverse dependencies of this include
* rust-aes-soft and rust-aes-ctr, I think these should probablly be removed
when aes is updated.
* rust-block-modes, this is deprecated upstream, the only reverse
dependency
in debian is secret-service. The PR submitted by noctis to update
secret-service
to the new aes also gets rid of the dependency on block-modes so
block-modes
should also probablly be removed as part of this update
The new version of rust-cipher also has a dependency on rust-inout which is
not currently in Debian.
And then there is the fact that we are supposed to be in a transition
freeze at
the moment. I think an update of this complexity certainly counts as a
transition.
I would suggest that if you want to update aes you work with Noctis to
do so
in experimental. It can then be uploaded to unstable after the bookworm
release.