Bug#907135: [Box Backup] Debian now requires 2048bit RSA keys

To: Chris Wilson <chris@simply-italian.co.uk>

Cc: Chris Wilson <chris+google@qwirx.com>, Box Backup <boxbackup@boxbackup.org>, 907135@bugs.debian.org

Subject: Bug#907135: [Box Backup] Debian now requires 2048bit RSA keys

From: Reinhard Tartler <siretart@gmail.com>

Date: Sun, 9 Jun 2019 18:26:40 -0400

Message-id: <[🔎] CAJ0ccebvLcA=WobsP5u8PmR+7eUYjhdbDD1R3iZcKH7pUpuuOg@mail.gmail.com>

Reply-to: Reinhard Tartler <siretart@gmail.com>, 907135@bugs.debian.org

In-reply-to: <[🔎] 35C20C31-B2B9-4F6C-BE46-8592F7AFCABB@simply-italian.co.uk>

References: <CAJ0cceZeyTQchRgmuD_+oT4bAXxawGJwYfTcXF3fgtUdauK0Zg@mail.gmail.com> <CAOg7f83Kx7CzaHQeOfebQm_CgYn9pncbtF7GJrZiXnMR1QnMKQ@mail.gmail.com> <CAJ0cceZT+bO=eocQBz3w9jKiH9mzFF6=9nVV1hH111zZD0A3Jg@mail.gmail.com> <CAOg7f82=L4roj72-5h_MX8v5ek3emT2H08f3V0q7cag19XPXJg@mail.gmail.com> <CAJ0cceZinrGBwKcqJjjorN_yaRNg2MJUW0u69gEzsvQH0-JUwA@mail.gmail.com> <CAOg7f80ECWfpHGm6Rau1-9SLZ2vOZyEJnCKGFD8+bZLEXrmdqw@mail.gmail.com> <CAJ0cceZPdn-DNrzAwKttN-z+rymOa7bbqk_9hMPtq-ixP5nfSw@mail.gmail.com> <CAOg7f82fx8_Z7uXxRW8RowJfecu24asksHNHG4-KXj6qYOVnPQ@mail.gmail.com> <CAJ0ccea9brbK+dExkCr-aDDLAhVN9VXzgp9UM-KzcFEfAvLqCQ@mail.gmail.com> <[🔎] CAOg7f80Qwwv74w5LdodK9R9cf=mdSogTgB7b+9PM2WF+tOujiQ@mail.gmail.com> <[🔎] CAJ0cceYj=ywUHA1RZHfNTxR2oSc=Jfzde9-rPc9O_YJufNt-UQ@mail.gmail.com> <[🔎] 35C20C31-B2B9-4F6C-BE46-8592F7AFCABB@simply-italian.co.uk> <153509781359.14425.9739764818059750522.reportbug@localhost>

Agreed! 

In this case, the bug was reported on Aug 24 2018 by Adrian Bunk. It was removed about a months later, namely on September 23, for failing to build from source. Four weeks is arguably quite fast. Or quite slow, depending on whom you talk to.

I probably could have reacted by disabling the test suite. Or by prodding you in those four weeks harder. Or at last have the bug fixed by end of last year, which would have left enough time to re-migrate to testing. In the future, I'll know better.

Again, sorry. I'm happy to help with getting the package to buster-backports once it opens.

-rt

On Sun, Jun 9, 2019 at 5:29 PM Chris Wilson <chris@simply-italian.co.uk> wrote:

Hi all,

It seems a bit egregious to kick out packages that were broken by a minor version upgrade in one of their dependencies (which after all is not supposed to break anything), without any warning, let alone time to fix such a complex issue properly.

I hope that Debian will consider carefully whether this course of action was really in the best interests of its users.

Thanks, Chris.

regards,
Reinhard

Reply to: