[Pkg-auth-maintainers] Some help for coordinated uploads needed
Florian Schlichting
fsfs at debian.org
Mon Nov 27 22:08:40 GMT 2023
Hi Philip,
On Thu, Oct 19, 2023 at 06:43:02PM +0200, Philip Rinn wrote:
> > > I don't consider solo1-cli upstream dead, they are just slow and
> > > probably don't see the need for updating to fido2 >= 1.0 as
> > > solo1-cli is working perfectly fine, so there is no technical need
> > > to do the update.
I'm not sure that's entirely accurate. Reading
https://github.com/solokeys/solo1-cli/issues/151 it seems "pip install
solo1-cli", which is the primary means for distributing Python packages,
results in a non-working installation. IMHO that's very much a technical
need, and things are not working perfectly fine.
What's more, #152, which fixes a few very obvious compatibility
problems, hasn't seen any comment from upstream (but other people have
tried to fix the same problem, e.g. #158, or in the opposite direction
#159). It should have been a no-brainer to hit merge on any of these
some time in the last 18 months.
> > If you have some contact at the solo upstream, could you please ask them
> > about their plans with regard to the latest fido2 package?
>
> I tried and I'll try again. Meanwhile I started to look at the migration
> myself (https://github.com/solokeys/solo1-cli/pull/169) but without upstream
> having a look at it I'm not confident enough to carry this as a patch for
> the Debian package.
Did you get a (private) reaction? How long do you intend to wait?
Given that the next freeze is still over a year away, I think uploading
your fixes to Debian might give you valuable feedback from a diverse
group of testers. This in turn might inspire confidence in upstream to
move forward with your PR. Even if this path does not seem very
promising, it might be much better taken now than in a year's time...
Florian
More information about the Pkg-auth-maintainers
mailing list