[Pkg-rust-maintainers] rust ecosystem worries of a release team member
Paul Gevers
elbrus at debian.org
Sat Jan 4 16:02:56 GMT 2020
Dear rust maintainers,
I should have probably contacted you earlier, but better now than
latter. I think it is time to align between the rust maintainers and the
release team how we (ideally you without needing our assistance) can
manage the rust stack in testing (and thus in unstable).
The last couple of weeks I have watched the rust uploads a bit, as I'd
like thunderbird (with several CVE fixes) to migrate to testing. It has
been blocked since the beginning of November due to rust dependencies
that keep changing [1]. It has made me worry a bit, as it seems to point
at a very strict relation between rust packages (including Build-Using)
than make migration to testing difficult as they need to migrate as a
together. This becomes a release risk when we get nearer to the release
freeze if not managed well.
I'd like to know, are you coordination your uploads such that rust
packages can migrate to testing in a reasonable time frame? Are you
aware of the impact your work has on high profile (with relatively high
security risk) packages like thunderbird and firefox?
As thunderbird should really migrate some time soon, are you aware of
the missing pieces for that to happen and share that with us? If
possible, can you please avoid uploading updates that can wait a bit and
that interfere with the required stack?
Paul
[1] Now thunderbird is blocked by rust-cbindgen (last version migrated
in September with uploads since October), which is blocked by rust-syn
(last version migrated in July, with new uploads since August). Involved
is rust-proc-macro2 (last version migrated in July, with new uploads
since August (and currently triggers an autopkgtest regression)),
rust-unicode-xid (which has been trying to migrate to testing since
August), rust-quote (trying to migrate since August). And I may be
missing others. rustc was involved at some moment, cargo was involved
(and FTBFS for some time) etc...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/attachments/20200104/350d0afd/attachment.sig>
More information about the Pkg-rust-maintainers
mailing list