[Pkg-mailman-hackers] [Pkg-matrix-maintainers] Bug#1002380: drops attributes used by reverse dependencies
Pierre-Elliott Bécue
peb at debian.org
Sat Jan 8 22:07:47 GMT 2022
Jonas Smedegaard <dr at jones.dk> wrote on 22/12/2021 at 23:52:11+0100:
> [[PGP Signed Part:No public key for 2C7C3146C1A00121 created at 2021-12-22T23:52:06+0100 using RSA]]
> Quoting Pierre-Elliott Bécue (2021-12-22 21:42:41)
>>
>> Jonas Smedegaard <dr at jones.dk> wrote on 22/12/2021 at 21:55:13+0100:
>>
>> > [[PGP Signed Part:No public key for 2C7C3146C1A00121 created at 2021-12-22T21:55:09+0100 using RSA]]
>> > Quoting Pierre-Elliott Bécue (2021-12-22 17:08:46)
>> >> Jonas Smedegaard <dr at jones.dk> wrote on 22/12/2021 at
>> >> 12:37:21+0100:
>> >> > Releasing a new major release of mistune has caused several
>> >> > packages to no longer be usable at all.
>> >> >
>> >> > I consider this a serious issue, and have raised severity
>> >> > accordingly.
>> >> >
>> >> > At least python-m2r have no support for mistune v2 in sight (and
>> >> > its newer fork - python-m2r2 - does not either). Concretely I
>> >> > propose to revert this by a (messy) 2.0.0+really0.8.4 release
>> >> > until reverse dependencies can use the newer major version of
>> >> > mistune.
>> >> >
>> >> > It seems that a release of python3-django-hyperkitty requiring
>> >> > mistune v2 has already been uploaded to unstable as well. That
>> >> > is very unfortunate, and will need to be rolled back as well.
>> >> > Mailman maintainers cc'ed.
>> >> >
>> >> > Please in future make sure to check reverse dependencies *before*
>> >> > releasing a major new upstream release to unstable, because
>> >> > reversal is messy (complicates package versioning).
>> >> >
>> >> >
>> >> > Kind regards, and thanks for maintaining mistune,
>> >>
>> >> The issue is that many reverse dependencies of mistune are not
>> >> maintained.
>> >
>> > I assume (in good faith) that you did not mean to say that the
>> > _Debian_ packages reverse depending on mistune are all unmaintained.
>>
>> I'm not sure that there is anything to assume. I wrote "many reverse
>> dependencies of mistune are not maintained", and making it mean "the
>> _Debian_ packages reverse depending on mistune are all unmaintained"
>> would require some hard work.
>>
>> > Please note that I did not propose to wait until _upstreams_ of
>> > reverse dependencies can use newer major version of mistune.
>>
>> Well, I was under the impression that
>>
>> >>> Concretely I propose to revert this by a (messy) 2.0.0+really0.8.4
>> >>> release until reverse dependencies can use the newer major version
>> >>> of mistune.
>>
>> meant indeed to wait until the reverse dependencies were sorted out
>> which generally requires to wait until upstream fixes the issue
>> (except if one likes big quilt patches and maintaining the software's
>> code on their own).
>
> That is precisely what I did *not* imply (so it seems it was good that I
> mentioned my non-assumption since apparently you _did_ assume stuff).
>
> Let me try avoid false assumptions by expanding:
>
> I propose to revert this by a (messy) 2.0.0+really0.8.4 release until
> reverse dependencies somehow (with or without upstream cooperation) can
> use the newer major version of mistune (or, if taking unreasonably long,
> kick any reverse dependencies from testing).
>
>
>> > My proposal is to *collaborate* with your peers in Debian now - not
>> > continue(!) to make choices without coordination with those packages
>> > directly affected by those choices.
>>
>> Maybe you wanted to suggest that I should *collaborate* more, but you
>> did not write that and, as I tend to try not to assume what one says,
>> writes or means, I did not read that.
>
> Sorry!
>
> I did indeed mean to encourage more collaboration, and apologize if that
> failed to get across.
>
>
>> >> If I follow your opinion on this, the following issues arise:
>> >>
>> >> 1. There is no proper way for software to be mistune 0.8.4 and
>> >> mistune 2.0.0 compatible at the same way, so the reverse
>> >> dependencies won't be able to update without mistune 2.0.0
>> >> being in unstable
>> >
>> > Not sure what you imply by "proper".
>>
>> appropriate, suitable, relevant, reasonable, …
>>
>> > There are alternatives to abruptly abandoning support for existing
>> > functionaling packages already in Debian testing.
>>
>> Note that since the upload, autopkgtests for the involved
>> reverse-dependencies were failing and therefore mistune was not
>> planned to migrate from unstable to testing. There was therefore no
>> chance mistune would break these packages in testing, and I was not
>> pressing anyone to sort that out.
>>
>> Now that a serious bug against mistune is opened, even if these
>> autopkgtests get sorted out because these very reverse-dependencies
>> are updated, mistune will not migrate anyway (which will prevent to
>> break other reverse-dependencies).
>
> Yes, I am aware, and that is what I describe as "abruptly": Now that
> mistune v1 is gone, there is no way to work on any package depending on
> that except for switching to v2.
>
> ...which is the reason I propose to revert for now.
>
>
>> Testing is not impacted so far.
>
> Correct. Unstable is impacted.
Ok, so after some end of vacation + 10 days of covid @home, I'm roughly
back on track. Sorry for the added two weeks delay.
I am eager to revert mistune (and therefore django-hyperkitty) back to
previous versions, and to open bugs against reverse deps, with new
uploads in experimental for both mistune and django-hyperkitty.
I consider a delay between bug opening and making them RC on the
reverse-deps of a month, which, added to the removal delay, means around
mid-march I'll probably reupload mistune 2.0.0 and django-hyperkitty in
unstable.
Is it fine with you?
Last but not least, do you have appropriate tooling to file bugs against
mistune reverse deps a bit more efficiently than "mail by mail"?
Cheers!
--
PEB
More information about the Pkg-mailman-hackers
mailing list