On 13/10/2024 00:23, Jonas Smedegaard wrote: > Quoting Blair Noctis (2024-10-12 17:34:58) (...) >> Well, not only. rustls & friends also need an update, which is a non-trivial >> transition by itself, needing some careful planning and work. Or we could >> downgrade and wait until the day comes.. > > As I see it, updating rust-rustls is only non-trivial if done > all-at-once, which I find a very bad approach (as I do for base64 as > well, in case anyone cares for my opinion). > > What I expect to be trivial is to introduce a newer branch that other > packages can then begin depending on at their own pace, and then when > sensible drop the older branch.
Could you elaborate a bit on the "branch"? Like, a versioned package (e.g. rustls-0.21 vs rustls 0.23)? That'd mean NEW travels each time a transition happens. FTP masters are quite fast these days, but I don't really want to increase their load. > I have not gotten around to doing that yet, though. Until I find the > time for that, like the many not-updated-to-newest-shiniest-release > crate in Debian, other packages need to deal with older code through > patching. > > For inspiration, here are some patches I maintain for downgrading from > rustls v0.23 to v0.21: > > https://salsa.debian.org/debian/rust-imap-client/-/blob/debian/latest/debian/patches/2001_rustls.patch > https://salsa.debian.org/debian/rust-oxhttp/-/blob/debian/latest/debian/patches/2002_rustls.patch > https://salsa.debian.org/debian/rust-ureq/-/blob/debian/latest/debian/patches/2001_rustls.patch > > As noted in the DEP3 headers of those patches, they often derive from a > reversal of upstream git commits, and I typically bootstrap a patch with > `git log -p $NEW..$OLD`. > > Hope that helps. Thanks, though I often prefer patching them in place, fixing compilation and test errors along the way. That might require a bit of Rust-fu, though. If you are interested, I highly recommend the https://dystroy.org/bacon/ tool. > If you want to discuss rustls further, then please file a bugreport > against rust-rustls. I am happy to repost this comment to such > bugreport that others in (and outside) Debian can easily and intuitively > locate and participate with as well. I am not, however, in the mood for > discussing it at some internal Rust team notes tied to some Rust team: > The issue is not internal to the Rust team, it relates to Debian. I understand this consideration of yours, as it has been iterated (?) over the years. Though I do find it hard and weird to keep a todo list in an email thread, so I'd rather not, while I'm not sure if you'd consider reading some TODO files in the debcargo-conf repo. Other than that, yes, when the time is ripe, I do intend to file a bug report against rust-rustls for your convenience. (I'd argue salsa issues aren't Rust team "internal" as they are public, which means anyone with a salsa account can reply to. But again, I know you don't like it being "the second place of discussion", and that's off topic.) -- Sdrager, Blair Noctis
OpenPGP_signature.asc
Description: OpenPGP digital signature
