Jérémy Lal <kapo...@melix.org> writes: >> > 2) However I realized I was wrong in my comment in >> > https://bugs.debian.org/1100967#10 about which package name is the >> > "proper" one. Upstream's go.mod namespace is still go.step.sm/crypto >> > even in latest upstream master: >> > >> > https://github.com/smallstep/crypto/blob/master/go.mod >> > >> > So then the "correct" package name in Debian really ought to be >> > "golang-step-crypto" after all.... sigh. Should we upload >> > golang-step-crypto v0.60.0 and migrate all dependencies back to the >> > proper name, and then remove golang-github-smallstep-crypto? >> >> Sorry for the late reply. But I think it can be better handled. >> >> We can just update golang-step-crypto to 0.57.0-1 and make >> golang-github-smallstep-crypto-dev as a transitional package. >> >> I prefer we keep the correct package name, aka golang-step-crypto. > > That solution could be done before soft freeze.
No objection from me, but Shengjing do you still prefer this given that upstream plan to rename the package? The Debian golang-github-smallstep-crypto package would follow that new name. https://github.com/smallstep/crypto/issues/579#issuecomment-2790249872 Alas I won't have time to think about what changes is needed to complete this migration and upload things in the next few days before the soft freeze, sorry. I would have noticed and caught this earlier if there was a Salsa CI/CD pipeline check that complained if the package name differ from the Go naming style guidelines, or we had some similar automatic checking. Thoughts on adding that? For someone like me who isn't all that familiar with Go and Go library namespaces, the policy could also clarify exactly what the "import name" refers to. For me it is ambiguous (I "import" the package from github.com/smallstep/crypto/...). /Simon
signature.asc
Description: PGP signature
