Yes, I remember I had initially filed the ITP for v2 of golang- github-lestrrat-go-jwx, but since golang-github-minio-pkg wanted v1 I went with the path of least resistance. :)
I'm personally of the option that you should just bump the existing packaging of golang-github-lestrrat-go-jwx to v2 without introducing an entirely new package. Since the changes to minio-pkg don't seem to include any actual code modifications, if its tests continue to pass with v2 let's just go with that. (Although as I type that, I don't remember if maybe I _had_ encountered some build/test error with v2, thus necessitating the packaging of v1....) I think that would be better in the long term versus having two different major versions of golang-github-lestrrat-go-jwx in the archive. Mathias On Sun, 2024-11-24 at 13:44 +0100, Simon Josefsson wrote: > Progress update: I've tried to reach out to minio/pkg upstream and > ask them to bump to go-jwx v2: > > https://github.com/minio/pkg/pull/139 > > Upstream lestrrat-go/jwx commented on minio/pkg here: > > https://github.com/lestrrat-go/jwx/issues/1239#issuecomment-2495080886 > > Let's wait some time and see if they address it, otherwise I think > the golang-github-lestrrat-go-jwx-v2 path is unavoidable. > > /Simon > > Simon Josefsson <si...@josefsson.org> writes: > > > Hi > > > > The golang-github-lestrrat-go-jwx package contains the v1 branch, > > which upstream says is archived: > > > > https://github.com/lestrrat-go/jwx/tree/v1?tab=readme-ov-file#users-of-githubcomlestrratgo-jwx > > > > The v2 and v3 branches seems recommended. > > > > I'm considering packaging buildkit (an avoidable dependency of > > cosign) which depends on buildkite-go-pipeline that uses the v2 > > branch of lestrrat-go-jwx. > > > > I tried upgrading golang-github-lestrrat-go-jwx to v2 but then the > > single reverse dependency golang-github-minio-pkg isn't happy: > > > > https://salsa.debian.org/jas/golang-github-lestrrat-go-jwx/-/jobs/6622218 > > > > dpkg-checkbuilddeps: error: Unmet build dependencies: golang- > > github-lestrrat-go-jwx-dev (<< 2.0) > > > > Alas upstream seems to have disabled bug reporting: > > https://github.com/minio/pkg > > > > Is there any way out of this except adding > > golang-github-lestrrat-go-jwx-v2 that provide the v2 branch? > > > > Could we get minio/pkg to use the v2 branch, and update > > golang-github-lestrrat-go-jwx to v2? > > > > I'm going down the golang-github-lestrrat-go-jwx-v2 route now, but > > wanted to bring this up before filing ITP and doing the NEW upload. > > > > /Simon
signature.asc
Description: This is a digitally signed message part
