user helm...@debian.org usertags 990409 + sidremove thanks I am putting this bug onto the sid autoremover process.
On Sun, Aug 15, 2021 at 02:13:10PM +0200, Gero Treuner wrote: > > If it's available as a Debian package, that's a clear advantage from > > my point of view. :-) > > Correct. This helps partners in signed/encrypted email conversions, > because the trust can easily be installed by almost everyone, not only > people which are interested and skilled in encryption. > > We'd love to have the package updated with the new class3 > certificate and readded to Debian. The ca-cert package is not part of bookworm nor trixie. It has last been updated in 2019 and as a result the net value of the package to Debian is negative in my opinion. Timo suggested removal earlier and that is one way forward. The other is fixing things. > > > > Again, I strongly disagree. I rather hope that Dmitry gets it back > > > > into shape and then also offers it via bullseye-backports. > > > > > > Well, if you, Dmitry, or anyone else feels that their time is well > > > spent on this package, by all means, go ahead. I just happen to > > > think that your contributions would be more valuable elsewhere. > > > > I already have too many packages, so yes, I agree here. This though > > does not change my opinion on this package (or on a lot of other > > packages in Debian which I don't maintain, but consider important for > > myself as well as the community in general). > > Does it help if I provide a patch? I'm sorry, but no, I don't think a patch is sufficient here. What would be sufficient is taking over the entire maintainership via the ITS process. You can maintain a package without having your key in the keyring by finding a sponsor signing your package. Judging the earlier conversation, I suspect that Axel Beckert might agree to sponsor the package. I request that we move forward as follows. We wait one month to find a volunteer for fixing the package. Within that time a volunteer files an ITS bug and mails an update to #988512 indicating an intention to fix the bug and they also close this bug. Given the later commitment involved, three writing mails within a month should be reasonable expectation. After one month passing by with no action, the autoremover will turn this bug into a RM/RoQA bug. A removal of the ca-cacert package is not a permanent statement of Debian not wanting the package. It is a statement of the cost of carrying this package outweighing the benefits at this time. I do not object to later reintroducing the package when someone with resources wants to do the work. Helmut
