[Debian-med-packaging] Bug#1013802: timeline for enforcing dependencies for gopsutil v3 breaking changes

Nicholas D Steeves sten at debian.org
Sat Jun 25 20:31:50 BST 2022 

Package: ncbi-entrez-direct
Severity: normal

Control: affects -1 golang-github-shirou-gopsutil

Dear Maintainer,

The upload of golang-github-shirou-gopsutil/3.21.10-1 introduced the
following breaking changes:

  https://github.com/shirou/gopsutil/blob/master/README.md#v3-migration
  https://github.com/shirou/gopsutil/blob/master/_tools/v3migration/v3Changes.md

Upstream writes "from v3.20.10, gopsutil becomes v3 which breaks
backwards compatibility".  Our gopsutil package dependencies do yet
enforce the compatibility break.

Affected packages are as follows:

  consul
  golang-github-satta-ifplugo
  ncbi-entrez-direct
  nomad
  nomad-driver-lxc
  nomad-driver-podman
  packer
  slinkwatch
  syncthing

Please verify that your package is ready for gopsutil v3.  If the
version in sid/unstable is v3-ready, then please set "fixed -1
sourcepkgname/version" for this bug.  If not, the latest upstream
release may already support it, in which case, please import it!  If
the latest release is not ready, please contact that upstream without
delay, because some may be reticent to keep pace with changing
libraries.  It may be worth mentioning to them that the v2 series
is EOL:

  https://github.com/shirou/gopsutil/blob/master/README.md#v3-migration
    * Contains the upstream statement v2 is gone.
  https://pkg.go.dev/github.com/shirou/gopsutil/v3#readme-v3-migration
    * Also available here.
  https://github.com/shirou/gopsutil/blob/v2
    * (404 error)

Three weeks from now (18 July) I will increase severity to important
as a gentle reminder.

Around 17 September I will upload to experimental.

The 15 October I will increase severity to RC.  To justify downgrading
severity at that time, please add the forwarded tag the bug, with a
URL that shows that upstream is working towards solving this issue
before 2023.

Either the first week of December, or the first week of January 2023
(at the latest), the compatibility break will be enforced with an
upload of gopsutil to unstable.

I hope that everyone affected feels that these deadline are fair, and
prefers to have a roadmap rather than vague "at some point" guesturing
followed by stresssful surprises at the worst times.


Best wishes,
Nicholas


-- System Information:
Debian Release: 11.3
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-14-rt-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_UNSIGNED_MODULE
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ncbi-entrez-direct depends on:
ii  curl                7.74.0-1.3+deb11u1
ii  libc6               2.31-13+deb11u3
ii  libwww-perl         6.52-1
ii  libxml-simple-perl  2.25-1
ii  perl                5.32.1-4+deb11u2
ii  wget                1.21-1+deb11u1

ncbi-entrez-direct recommends no packages.

Versions of packages ncbi-entrez-direct suggests:
ii  curl           7.74.0-1.3+deb11u1
ii  libxml2-utils  2.9.10+dfsg-6.7+deb11u2
ii  python3        3.9.2-3

More information about the Debian-med-packaging mailing list