Package: wnpp
Severity: wishlist
Owner: Simon Josefsson <si...@josefsson.org>

* Package name    : golang-github-theupdateframework-go-tuf-v2
  Version         : 2.0.2-1
  Upstream Author : The Update Framework (TUF)
* URL             : https://github.com/theupdateframework/go-tuf
* License         : Apache-2.0
  Programming Lang: Go
  Description     : Go implementation of The Update Framework (TUF)

 The Update Framework (TUF) helps developers maintain the security of software
 update systems, providing protection even against attackers that compromise
 the repository or signing keys. TUF provides a flexible framework and
 specification that developers can adopt into any software update system.

I hope to maintain this package as part of the Debian Go Packaging Team:

https://salsa.debian.org/go-team/packages/golang-github-theupdateframework-go-tuf-v2

The current Debian package golang-github-theupdateframework-go-tuf is
for the old v0.x API, quoting upstream:

 The legacy go-tuf (v0.7.0)
 (https://github.com/theupdateframework/go-tuf/tree/v0.7.0) codebase was
 difficult to maintain and prone to errors due to its initial design
 decisions. Now it is considered deprecated in favour of go-tuf v2
 (originally from rdimitrov/go-tuf-metadata
 (https://github.com/rdimitrov/go-tuf-metadata)) which started from the
 idea of providing a Go implementation of TUF that is heavily influenced
 by the design decisions made in python-tuf
 (https://github.com/theupdateframework/python-tuf).

Indeed, I tried rebuilding the reverse dependencies of this package with
v2.x and while most packages actually built, there are some that fail
due to TUF v0 vs v2:

https://salsa.debian.org/jas/golang-github-theupdateframework-go-tuf/-/pipelines/751423

Since the package has a different license and looks like a complete
rewrite to me, I think it makes sense to have two separate Debian
packages for it.

/Simon
