Le mer. 9 avr. 2025 à 17:26, Simon Josefsson <si...@josefsson.org> a écrit :
> Jérémy Lal <kapo...@melix.org> writes: > > >> I had a look at another approach, just upgrading the dependency to > >> golang-github-smallstep-crypto-dev > >> for these two packages: > >> - golang-step-cli-utils: all fine, level1 > >> - golang-github-smallstep-certificates: level 2, needs the previous one > >> rebuilt first, and the attached patch. > >> There are probably mistakes in that patch. > >> > > > > Now that that patch passes the test suite by borrowing from upstream > fixes, > > and that "caddy" also builds fine with them, I'm going to do as > advertised. > > I just uploaded caddy. Thank you! Some observations - tl;dr: I suggest to remove > golang-step-crypto-dev from the archive as discussed in 1) below, and > for us to ignore issue 2) + 3) below, even though they warrant more > consideration. > > 1) Now there are no reverse dependencies on golang-step-crypto-dev any > more, so I think we could ask for removal of that package from the > archive which would resolve https://bugs.debian.org/1100967 > > jas@kaka:~/dpkg/golang-github-smallstep-crypto$ ssh > mirror.ftp-master.debian.org "dak rm -Rn -b golang-step-crypto-dev" > Will remove the following packages from unstable: > golang-step-crypto-dev | 0.24.0-2 | all > Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org> > ------------------- Reason ------------------- > ---------------------------------------------- > Checking reverse dependencies... > No dependency problem found. > jas@kaka:~/dpkg/golang-github-smallstep-crypto$ To be careful, the golang-step-crypto-dev should be removed after all its previous rdeps have migrated to testing. > 2) However I realized I was wrong in my comment in > https://bugs.debian.org/1100967#10 about which package name is the > "proper" one. Upstream's go.mod namespace is still go.step.sm/crypto > even in latest upstream master: > > https://github.com/smallstep/crypto/blob/master/go.mod > > So then the "correct" package name in Debian really ought to be > "golang-step-crypto" after all.... sigh. Should we upload > golang-step-crypto v0.60.0 and migrate all dependencies back to the > proper name, and then remove golang-github-smallstep-crypto? > > Naming policy: > > https://go-team.pages.debian.net/packaging.html#_naming_conventions_2 > > What was missing there for me was the definition of the term "import > path", which I now take to mean the 'module FOO' line in go.mod. I > probably confused it with the source code hosting site before. > > 3) Upstream namespace go.step.sm/* has been renamed to > github.com/smallstep/* for many (most?) other smallstep packages, and I > had expected this to happen to go.step.sm/crypto as well. I found this > bug report that discuss it: > > https://github.com/smallstep/crypto/issues/579 > > So it may be that shortly the right name is actually the one we have > already prematurely migrated to. Given that there are no reverse > dependencies on golang-step-crypto-dev now, I think the simplest way out > of this mess is to ask for that package to be dropped. Once golang-step-crypto-dev has been removed, whatever the right name will be can be provided by golang-github-smallstep-crypto ? If there is no urgency to do that before Trixie, let's not change things right now ? Jérémy
