On 04/03/2025 13:14, Simon Josefsson wrote:
Should we do another upload of Go 1.24 into Debian with this patch?
IMO we should do it.
I'm hoping it would fix this FTBFS:
https://buildd.debian.org/status/fetch.php?pkg=notary&arch=arm64&ver=0.7.0%2Bgit20240416.9d2b3b3%2Bds1-3&stamp=1741045040&raw=0
/Simon
Tianon Gravi <notificati...@github.com> writes:
tianon left a comment (notaryproject/notary#1708)
FWIW, this is fixed in upstream Go now, and [backported to the Go 1.24
branch](https://github.com/golang/go/commit/949eae84df4d0294c19378f939012707e4e1bb24)
(so the next Go 1.24 release should include the fix). Perhaps we can
backport the fix in Debian a bit early to unblock Notary (but
regardless this issue is probably fair to close). 🤔
As the tracker reports it, notary is an important piece of the Go ecosystem:
The removal of notary will also cause the removal of (transitive)
reverse dependencies: cockpit-podman, cosign, debcraft, distrobox,
distrobuilder, docker-clean, docker.io, due, gitsign,
go-containerregistry, golang-github-containerd-nydus-snapshotter,
golang-github-containers-buildah, golang-github-containers-common,
golang-github-containers-image, golang-github-containers-toolbox,
golang-github-crc-org-crc, golang-github-fsouza-go-dockerclient,
golang-github-mudler-docker-companion,
golang-github-openshift-imagebuilder, golang-github-optiopay-kafka,
golang-github-samalba-dockerclient, golang-github-sigstore-fulcio,
golang-github-sigstore-sigstore,
golang-github-sigstore-timestamp-authority, golang-github-sylabs-sif,
golang-github-theupdateframework-go-tuf,
golang-github-tonistiigi-fsutil, oci-seccomp-bpf-hook, pkg-rocm-tools,
podman, prometheus, prometheus-postfix-exporter, prometheus-pushgateway,
rekor, rust-repro-env, sigstore-go, skeema, skopeo, subuser, whalebuilder.
--
Nicolas Peugnet
