Jonas Smedegaard <d...@jones.dk> wrote on 22/12/2021 at 12:37:21+0100:
> [[PGP Signed Part:No public key for 2C7C3146C1A00121 created at
> 2021-12-22T12:37:23+0100 using RSA]]
> Control: severity -1 serious
>
> [ re-posting to correct bug ]
>
> Releasing a new major release of mistune has caused several packages to
> no longer be usable at all.
>
> I consider this a serious issue, and have raised severity accordingly.
>
> At least python-m2r have no support for mistune v2 in sight (and its
> newer fork - python-m2r2 - does not either). Concretely I propose to
> revert this by a (messy) 2.0.0+really0.8.4 release until reverse
> dependencies can use the newer major version of mistune.
>
> It seems that a release of python3-django-hyperkitty requiring mistune
> v2 has already been uploaded to unstable as well. That is very
> unfortunate, and will need to be rolled back as well. Mailman
> maintainers cc'ed.
>
> Please in future make sure to check reverse dependencies *before*
> releasing a major new upstream release to unstable, because reversal is
> messy (complicates package versioning).
>
>
> Kind regards, and thanks for maintaining mistune,
The issue is that many reverse dependencies of mistune are not
maintained. If I follow your opinion on this, the following issues
arise:
1. There is no proper way for software to be mistune 0.8.4 and mistune
2.0.0 compatible at the same way, so the reverse dependencies won't
be able to update without mistune 2.0.0 being in unstable
2. I'll need mailman3 to be able to enter testing at some point and I
don't think we can expect it to wait for software that is no longer
maintained upstream
Apart from these two points, there are multiple cases where software are
updated despite the impact on the reverse dependencies. Typically Python
updates don't wait for dependencies to be ready in case of breaking
changes, and that looks to me quite normal, despite it bringing more
work to me as a mailman or python packages maintainer.
I'd be happy to hear about how you suggest me to handle the unmaintained
reverse-dependencies like m2r.
For now I'd rather let a serious bug block the migration of mistune from
unstable to testing and accept that some packages are not working in
unstable for now.
Cheers,
--
PEB
signature.asc
Description: PGP signature
