Jérémy Lal <kapo...@melix.org> writes: >> I had a look at another approach, just upgrading the dependency to >> golang-github-smallstep-crypto-dev >> for these two packages: >> - golang-step-cli-utils: all fine, level1 >> - golang-github-smallstep-certificates: level 2, needs the previous one >> rebuilt first, and the attached patch. >> There are probably mistakes in that patch. >> > > Now that that patch passes the test suite by borrowing from upstream fixes, > and that "caddy" also builds fine with them, I'm going to do as advertised.
Thank you! Some observations - tl;dr: I suggest to remove golang-step-crypto-dev from the archive as discussed in 1) below, and for us to ignore issue 2) + 3) below, even though they warrant more consideration. 1) Now there are no reverse dependencies on golang-step-crypto-dev any more, so I think we could ask for removal of that package from the archive which would resolve https://bugs.debian.org/1100967 jas@kaka:~/dpkg/golang-github-smallstep-crypto$ ssh mirror.ftp-master.debian.org "dak rm -Rn -b golang-step-crypto-dev" Will remove the following packages from unstable: golang-step-crypto-dev | 0.24.0-2 | all Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org> ------------------- Reason ------------------- ---------------------------------------------- Checking reverse dependencies... No dependency problem found. jas@kaka:~/dpkg/golang-github-smallstep-crypto$ 2) However I realized I was wrong in my comment in https://bugs.debian.org/1100967#10 about which package name is the "proper" one. Upstream's go.mod namespace is still go.step.sm/crypto even in latest upstream master: https://github.com/smallstep/crypto/blob/master/go.mod So then the "correct" package name in Debian really ought to be "golang-step-crypto" after all.... sigh. Should we upload golang-step-crypto v0.60.0 and migrate all dependencies back to the proper name, and then remove golang-github-smallstep-crypto? Naming policy: https://go-team.pages.debian.net/packaging.html#_naming_conventions_2 What was missing there for me was the definition of the term "import path", which I now take to mean the 'module FOO' line in go.mod. I probably confused it with the source code hosting site before. 3) Upstream namespace go.step.sm/* has been renamed to github.com/smallstep/* for many (most?) other smallstep packages, and I had expected this to happen to go.step.sm/crypto as well. I found this bug report that discuss it: https://github.com/smallstep/crypto/issues/579 So it may be that shortly the right name is actually the one we have already prematurely migrated to. Given that there are no reverse dependencies on golang-step-crypto-dev now, I think the simplest way out of this mess is to ask for that package to be dropped. /Simon
signature.asc
Description: PGP signature
