On 19/02/2025 05:49, Jonas Smedegaard wrote:
I would love to get rustls-native-certs upgraded, and am happy for help doing it, but think that it will require fixing each reverse dependency first - which was possibly also the exact thing you were doing here.
Yup, working through the reverse dependencies preparing fixes
meta issue where I'm keeping track of what package I've looked at so-far is at https://salsa.debian.org/rust-team/debcargo-conf/-/issues/114
Instead of patching to use newer rustls-native-certs, the upstream recommendation is to instead move to rustls-platform-verifier.
My general feeling is that such a switch is a matter for upstreams not for distro patches. Also afaict such a switch requires updating to the new version of rustls, whereas merely updating rustls-native-certs does not. That said, if packages move to rustls-platform-verfier and stop directly using rustls-native-certs and rustls-pemfile, it effectively removes them from the set of packages that need to be dealt with as part of this update (rustls-platform-verifier itself will need to be, but that should just be a matter of dropping patches).
