[Bug 1966200] Re: [FFe] rustc: Downgrade cargo from Recommends to Suggests

Launchpad Bug Tracker 1966200 at bugs.launchpad.net
Sat Apr 2 05:03:19 UTC 2022 

This bug was fixed in the package rustc - 1.58.1+dfsg1~ubuntu1-0ubuntu2

---------------
rustc (1.58.1+dfsg1~ubuntu1-0ubuntu2) jammy; urgency=medium

  * d/p/ubuntu-fix-crossbeam-CVE-2022-23639.patch: amended to also patch the
    0.7.2 version of the crate
  * Downgrade cargo from rustc Recommends to Suggests to make rustc promotable to
    main. (LP: #1966200)

 -- Simon Chopin <simon.chopin at canonical.com>  Fri, 01 Apr 2022 11:54:57
+0200

** Changed in: rustc (Ubuntu)
       Status: Triaged => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23639

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rustc in Ubuntu.
https://bugs.launchpad.net/bugs/1966200

Title:
  [FFe] rustc: Downgrade cargo from Recommends to Suggests

Status in rustc package in Ubuntu:
  Fix Released

Bug description:
  Hi,

  I'd like to upload a new rustc version (see attached debdiff). In
  addition to the obvious security fix, this version would downgrade the
  Recommends: cargo to a mere Suggests: for the rustc binary.

  The rationale behind the change is that we'd like to promote rustc to
  main (see https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1957932
  for details) and cargo isn't ready to be promoted.

  I expect the impact on the archive to be minimal, as there are only
  two direct reverse-dependencies on rustc:

  ❯ reverse-depends rustc
  Reverse-Depends
  * cargo
  * rust-all

  rust-all already has its own Depends: relationship to cargo, and as
  such isn't relying on rustc to provide it.

  AFAIK our builders don't consider Recommends dependencies, so this
  change shouldn't result in build breakages.

  My educated guess is that any user that wishes to install Rust and
  does *not* follow that community's standard way of doing things
  (bypassing system packages) would install rust-all or cargo directly,
  not expecting rustc to provide the higher-level tooling.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1966200/+subscriptions

More information about the foundations-bugs mailing list