[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#996432: ITS: newlib

Source: newlib
Version: 3.3.0-1.1
Severity: important
X-Debbugs-Cc: debian-toolchain@lists.debian.org, pkg-electronics-devel@alioth-lists.debian.net, mia@qa.debian.org

The Newlib package is, in my opinion, currently in a poor state of
 * The upstream release 4.1.0 has yet to be packaged.
 * It currently uses an obsolete Debhelper compatibility level, which
puts it at risk of being removed in the Bookworm release cycle
 * Ports to new systems, such as riscv64-unknown-elf, are wanted
 * There is at least one credible security issue which hasn't been
addressed (#984446).

I believe this package is eligible for salvaging based on these facts:
 * My previous NMU of Newlib went unacknowledged.
 * The maintainers have been unresponsive to my attempts at contact.
 * There has been no visible work on the package for 18 months.

Here is my game plan for Newlib, which I have alluded to on the pkg-
electronics-devel list and not gotten any pushback on:
 * It provides multiple benefits, including avoiding the bootstrap
problem and enabling running of the GCC test suite, for the GCC
packages for various ports to also be responsible for building Newlib.
This can be done using a combined tree; an initial upload of gcc-sh-elf
is imminent which will demonstrate this technique.

 * I will accordingly make gcc-arm-none-eabi responsible for building
its own Newlib port by preparing a merge request soon.

 * libnewlib-dev is a misnomer; this package should really be called
libnewlib-arm-none-eabi-dev. I will turn libnewlib-dev into a
transitional package.

 * Only after the dust has settled will I upload Newlib 4.1.0. The
"downstream consumers" (gcc-sh-elf, gcc-arm-none-eabi, gcc-riscv64-
none-elf) will be able to migrate to this version at their own pace
whenever they get rebuilt.

 * In the end, I plan for the Newlib source package to provide only two
binaries: newlib-source, and libnewlib-doc.

I expect that my work will be most welcome within the Electronics Team,
but if they'd prefer, I could also maintain this under my own
namespace. In any case, I'm not a project member and will require
sponsorship, so I will not be able to upload this package on my own.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (2, 'unstable-
debug'), (2, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.14.0-2-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: