On 2017-04-15 11:04:31, Vincent Bernat wrote: > ❦ 14 avril 2017 15:07 -0400, anarcat <anar...@debian.org> : > >> I looked into this during the Montreal BSP, and it's unclear what we >> should do here, considering there has been multiple new uploads since >> the stretch freeze. >> >> The patch is pretty long: >> >> https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991 >> >> ... and there's no way to just backport it into stretch at this point >> (IIRC). > > The patch is not that big. Most of its content is in tests and > examples. The only problem is that it exposes a behavioral change that > may break reverse dependencies at runtime. > >> So I'm wondering if the next step here would not just be to ask for an >> exception to unblock this for stretch, or just tell the release team to >> just ignore this and drop the package from stretch. > > There are many reverse dependencies that would be removed by removing > this package, including some high profile ones, like etcd, rkt, > influxdb. Their removal will in turn remove a lot of additional > packages.
Okay well, you guys need to figure out what you do with this package, because as it stands 1) it has a RC bug and 2) it is completely out of sync with unstable. I don't understand why so many uploads were done after stretch was frozen, but I guess you should ask the release team for an exception at this point. Then this patch can be added on top... A. -- There is no cloud, it's just someone else's computer. - Chris Watterson