pprof was at some point needed for the gix stack, if they have moved away from using it then I agree that it's not needed in trixie.
Will this bug be enought to block it, or do we need to do anything more? Den tis 15 apr. 2025 kl 17:57 skrev Peter Green <plugw...@debian.org>: > > Package: rust-pprof > Version: 0.13.0-5 > Severity: serious > X-debbugs-cc: alexander.kj...@gmail.com > > A soundness issue was reported in rust-prost 0.13, > https://rustsec.org/advisories/RUSTSEC-2024-0408.html > which is reported as causing real-world failures in > downstream applications. > > I looked at updating to the new upstream version, > (wip packaging for new upstream version is in the > debcargo-conf git) but that introduces a dependency > on a crate that is not in Debian. > > rust-pprof does not appear to have any reverse > dependencies, and I don't think it should be included > in trixie in it's current state.
