On 2023/1/23 21:46, Peter Green wrote: > Firstly there are direct reverse dependencies, rust-zip and rust-secret-service. > Both currently depend upstream on version 0.7 of aes. There is a pull request > from Blair Noctis updating secret-service but it adds a dependency on the new > package cbc which is not yet in Debian. cbc is in debcargo-conf but I guess it won't see itself in bookworm. > There don't seem to be any proposed fixes/updates for rust-zip. rust-zip doesn't (as reported by dc-c/dev/list-rdeps.sh) have any rdeps. It may be safe to be removed, or we could suggest an dep update to upstream. > Then there is the fact that the new version of aes depends on a new version > of cipher. Reverse dependencies of this include > > * rust-aes-soft and rust-aes-ctr, I think these should probablly be removed > when aes is updated. > * rust-block-modes, this is deprecated upstream, the only reverse dependency > in debian is secret-service. The PR submitted by noctis to update secret-service > to the new aes also gets rid of the dependency on block-modes so block-modes > should also probablly be removed as part of this update > > The new version of rust-cipher also has a dependency on rust-inout which is > not currently in Debian. cipher and inout are both in dc-c. Deprecated crates were mentioned in my previous email at https://lists.debian.org/debian-rust/2022/11/msg00002.html. > And then there is the fact that we are supposed to be in a transition freeze at > the moment. I think an update of this complexity certainly counts as a transition. > > I would suggest that if you want to update aes you work with Noctis to do so > in experimental. It can then be uploaded to unstable after the bookworm > release. Agreed as we don't have enough DDs with enough time on hand. I'll certainly be happy to help, but I can't upload. -- Sdrager, Blair Noctis
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature