Package: golang-step-crypto-dev,golang-github-smallstep-crypto-dev
Severity: serious
User: debian-qa@lists.debian.org
Usertags: fileconflict
Tags: bookworm trixie sid

Attempting to coinstall golang-step-crypto-dev and golang-github-smallstep-crypto-dev results in an error.

mmdebstrap --variant=apt --verbose '' /dev/null 'deb http://deb.debian.org/debian unstable main' --include=golang-github-smallstep-crypto-dev,golang-step-crypto-dev

Preparing to unpack .../41-golang-step-crypto-dev_0.24.0-2_all.deb ... Unpacking golang-step-crypto-dev (0.24.0-2) ...
dpkg: error processing archive /tmp/apt-dpkg-install-P5cn1U/41-golang-step-crypto-dev_0.24.0-2_all.deb (--unpack):
trying to overwrite '/usr/share/gocode/src/go.step.sm/crypto/fingerprint/fingerprint.go', which is also in package golang-github-smallstep-crypto-dev (0.57.0-1)
Errors were encountered while processing:
/tmp/apt-dpkg-install-P5cn1U/41-golang-step-crypto-dev_0.24.0-2_all.deb

There are many more files below /usr/share/gocode/src/go.step.sm/crypto affected. Could it be that these packages duplicate each other?

Please figure out which package is at fault and correctly reassign the
bug (such that QA can still associate it with the problem):

Control: reassign -1 $PACKAGE1
Control: affects -1 + $PACKAGE2

Helmut

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le mer. 9 avr. 2025 à 17:26, Simon Josefsson <simon@josefsson.org> a écrit :

Jérémy Lal <kapouer@melix.org> writes:

I had a look at another approach, just upgrading the dependency to
golang-github-smallstep-crypto-dev
for these two packages:
- golang-step-cli-utils: all fine, level1
- golang-github-smallstep-certificates: level 2, needs the previous one
rebuilt first, and the attached patch.
There are probably mistakes in that patch.

Now that that patch passes the test suite by borrowing from upstream

fixes,

and that "caddy" also builds fine with them, I'm going to do as

advertised.

I just uploaded caddy.

Thank you! Some observations - tl;dr: I suggest to remove

golang-step-crypto-dev from the archive as discussed in 1) below, and
for us to ignore issue 2) + 3) below, even though they warrant more consideration.

1) Now there are no reverse dependencies on golang-step-crypto-dev any
more, so I think we could ask for removal of that package from the
archive which would resolve https://bugs.debian.org/1100967

jas@kaka:~/dpkg/golang-github-smallstep-crypto$ ssh mirror.ftp-master.debian.org "dak rm -Rn -b golang-step-crypto-dev"
Will remove the following packages from unstable:
golang-step-crypto-dev | 0.24.0-2 | all
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org> ------------------- Reason ------------------- ----------------------------------------------
Checking reverse dependencies...
No dependency problem found.
jas@kaka:~/dpkg/golang-github-smallstep-crypto$

To be careful, the golang-step-crypto-dev should be removed after all its previous rdeps have migrated to testing.

2) However I realized I was wrong in my comment in https://bugs.debian.org/1100967#10 about which package name is the
"proper" one. Upstream's go.mod namespace is still go.step.sm/crypto
even in latest upstream master:

https://github.com/smallstep/crypto/blob/master/go.mod

So then the "correct" package name in Debian really ought to be "golang-step-crypto" after all.... sigh. Should we upload
golang-step-crypto v0.60.0 and migrate all dependencies back to the
proper name, and then remove golang-github-smallstep-crypto?

Naming policy:

https://go-team.pages.debian.net/packaging.html#_naming_conventions_2

What was missing there for me was the definition of the term "import
path", which I now take to mean the 'module FOO' line in go.mod. I
probably confused it with the source code hosting site before.

3) Upstream namespace go.step.sm/* has been renamed to
github.com/smallstep/* for many (most?) other smallstep packages, and I
had expected this to happen to go.step.sm/crypto as well. I found this
bug report that discuss it:

https://github.com/smallstep/crypto/issues/579

So it may be that shortly the right name is actually the one we have
already prematurely migrated to. Given that there are no reverse dependencies on golang-step-crypto-dev now, I think the simplest way out
of this mess is to ask for that package to be dropped.

Once golang-step-crypto-dev has been removed, whatever the right name
will be can be provided by golang-github-smallstep-crypto ?
If there is no urgency to do that before Trixie, let's not change things
right now ?

Jérémy

<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">Le mer. 9 avr. 2025 à 17:26, Simon Josefsson &lt;<a href="mailto:simon@josefsson.org">simon@josefsson.org</a>&gt; a écrit :<

</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Jérémy Lal &lt;<a href="mailto:kapouer@melix.org" target="_blank">kapouer@melix.org</a>&gt; writes:<br>

&gt;&gt; I had a look at another approach, just upgrading the dependency to<br> &gt;&gt; golang-github-smallstep-crypto-dev<br>
&gt;&gt; for these two packages:<br>
&gt;&gt; - golang-step-cli-utils: all fine, level1<br>
&gt;&gt; - golang-github-smallstep-certificates: level 2, needs the previous one<br>
&gt;&gt; rebuilt first, and the attached patch.<br>
&gt;&gt; There are probably mistakes in that patch.<br>
&gt;&gt;<br>
&gt;<br>
&gt; Now that that patch passes the test suite by borrowing from upstream fixes,<br>
&gt; and that &quot;caddy&quot; also builds fine with them, I&#39;m going to do as advertised.<br>
<br></blockquote><div><br></div><div>I just uploaded caddy.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Thank you!  Some observations - tl;dr: I suggest to remove<br> golang-step-crypto-dev from the archive as discussed in 1) below, and<br>
for us to ignore issue 2) + 3) below, even though they warrant more<br> consideration.<br>

1) Now there are no reverse dependencies on golang-step-crypto-dev any<br> more, so I think we could ask for removal of that package from the<br>
archive which would resolve <a href="https://bugs.debian.org/1100967" rel="noreferrer" target="_blank">https://bugs.debian.org/1100967</a><br>

jas@kaka:~/dpkg/golang-github-smallstep-crypto$ ssh <a href="http://mirror.ftp-master.debian.org" rel="noreferrer" target="_blank">mirror.ftp-master.debian.org</a> &quot;dak rm -Rn -b golang-step-crypto-dev&quot;<br>
Will remove the following packages from unstable:<br>
golang-step-crypto-dev |   0.24.0-2 | all<br>
Maintainer: Debian Go Packaging Team &lt;<a href="mailto:team%2Bpkg-go@tracker.debian.org" target="_blank">team+pkg-go@tracker.debian.org</a>&gt;<br>
------------------- Reason -------------------<br> ----------------------------------------------<br>
Checking reverse dependencies...<br>
No dependency problem found.<br> jas@kaka:~/dpkg/golang-github-smallstep-crypto$</blockquote><div><br></div><div>To be careful, the golang-step-crypto-dev should be removed after all its previous rdeps have migrated to testing.</div><div><br></div><div> </div><blockquote class="gmail_
quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
2) However I realized I was wrong in my comment in<br>
<a href="https://bugs.debian.org/1100967#10" rel="noreferrer" target="_blank">https://bugs.debian.org/1100967#10</a> about which package name is the<br>
&quot;proper&quot; one.  Upstream&#39;s go.mod namespace is still <a href="http://go.step.sm/crypto" rel="noreferrer" target="_blank">go.step.sm/crypto</a><br>
even in latest upstream master:<br>

<a href="https://github.com/smallstep/crypto/blob/master/go.mod" rel="noreferrer" target="_blank">https://github.com/smallstep/crypto/blob/master/go.mod</a><br>

So then the &quot;correct&quot; package name in Debian really ought to be<br> &quot;golang-step-crypto&quot; after all.... sigh.  Should we upload<br> golang-step-crypto v0.60.0 and migrate all dependencies back to the<br>
proper name, and then remove golang-github-smallstep-crypto?<br>

Naming policy:<br>

<a href="https://go-team.pages.debian.net/packaging.html#_naming_conventions_2" rel="noreferrer" target="_blank">https://go-team.pages.debian.net/packaging.html#_naming_conventions_2</a><br>

What was missing there for me was the definition of the term &quot;import<br> path&quot;, which I now take to mean the &#39;module FOO&#39; line in go.mod.  I<br>
probably confused it with the source code hosting site before.<br>

3) Upstream namespace <a href="http://go.step.sm/*" rel="noreferrer" target="_blank">go.step.sm/*</a> has been renamed to<br>
<a href="http://github.com/smallstep/*" rel="noreferrer" target="_blank">github.com/smallstep/*</a> for many (most?) other smallstep packages, and I<br>
had expected this to happen to <a href="http://go.step.sm/crypto" rel="noreferrer" target="_blank">go.step.sm/crypto</a> as well.  I found this<br>
bug report that discuss it:<br>

<a href="https://github.com/smallstep/crypto/issues/579" rel="noreferrer" target="_blank">https://github.com/smallstep/crypto/issues/579</a><br>

So it may be that shortly the right name is actually the one we have<br> already prematurely migrated to.  Given that there are no reverse<br> dependencies on golang-step-crypto-dev now, I think the simplest way out<br>
of this mess is to ask for that package to be dropped.</blockquote><div><br></div><div>Once golang-step-crypto-dev has been removed, whatever the right name</div><div>will be can be provided by golang-github-smallstep-crypto ?</div><div>If there is no
urgency to do that before Trixie, let&#39;s not change things right now ?</div><div><br></div><div>Jérémy</div></div></div>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le ven. 11 avr. 2025 à 09:51, Simon Josefsson <simon@josefsson.org> a
écrit :

Jérémy Lal <kapouer@melix.org> writes:

1) Now there are no reverse dependencies on golang-step-crypto-dev any
more, so I think we could ask for removal of that package from the
archive which would resolve https://bugs.debian.org/1100967

jas@kaka:~/dpkg/golang-github-smallstep-crypto$ ssh
mirror.ftp-master.debian.org "dak rm -Rn -b golang-step-crypto-dev"
Will remove the following packages from unstable:
golang-step-crypto-dev | 0.24.0-2 | all
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
------------------- Reason -------------------
----------------------------------------------
Checking reverse dependencies...
No dependency problem found.
jas@kaka:~/dpkg/golang-github-smallstep-crypto$

To be careful, the golang-step-crypto-dev should be removed after all its previous rdeps have migrated to testing.

I think this is the case now:

jas@kaka:~/dpkg/golang-gitlab-gitlab-org-api-client-go$ ssh mirror.ftp-master.debian.org "dak rm -Rn -b -s=testing golang-step-crypto-dev"
Will remove the following packages from testing:
golang-step-crypto-dev | 0.24.0-2 | all
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org> ------------------- Reason ------------------- ----------------------------------------------
Checking reverse dependencies...
No dependency problem found. jas@kaka:~/dpkg/golang-gitlab-gitlab-org-api-client-go$

What do you think about reassigning this bug report to ftp.debian.org
and renaming subject to:

RM: golang-step-crypto-dev -- RoM; not used, replaced by golang-github-smallstep-crypto

Once golang-step-crypto-dev is removed from testing/unstable, the
original problem in this bug report should be resolved.

I'm not sure about severity. Technically this is a RC bug in both of
these packages, but the solution to the RC problem is to remove one of
the packages. But I doubt the ftp.debian.org maintainers would regard
this as a RC bug for them? Maybe it is acceptable to lower the severity hoping the package will be removed soon. But if the removal doesn't
happen soon, it feels weird to have RC buggy packages without a proper
RC bug on them. Helmut, do you have any preference/recommendation? If someone who understands the bug tracker better than I could do the
rename that would be appreciated.

To avoid the odd-ness of assigning a RC bug to ftp.debian.org,
I'd rather create a new Removal Request, then block 1100967 with it ?

<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">Le ven. 11 avr. 2025 à 09:51, Simon Josefsson &lt;<a href="mailto:simon@josefsson.org">simon@josefsson.org</a>&gt; a écrit :<

</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Jérémy Lal &lt;<a href="mailto:kapouer@melix.org" target="_blank">kapouer@melix.org</a>&gt; writes:<br>

&gt;&gt; 1) Now there are no reverse dependencies on golang-step-crypto-dev any<br>
&gt;&gt; more, so I think we could ask for removal of that package from the<br> &gt;&gt; archive which would resolve <a href="https://bugs.debian.org/1100967" rel="noreferrer" target="_blank">https://bugs.debian.org/1100967</a><br>
&gt;&gt;<br>
&gt;&gt; jas@kaka:~/dpkg/golang-github-smallstep-crypto$ ssh<br>
&gt;&gt; <a href="http://mirror.ftp-master.debian.org" rel="noreferrer" target="_blank">mirror.ftp-master.debian.org</a> &quot;dak rm -Rn -b golang-step-crypto-dev&quot;<br>
&gt;&gt; Will remove the following packages from unstable:<br>
&gt;&gt; golang-step-crypto-dev |   0.24.0-2 | all<br>
&gt;&gt; Maintainer: Debian Go Packaging Team &lt;<a href="mailto:team%2Bpkg-go@tracker.debian.org" target="_blank">team+pkg-go@tracker.debian.org</a>&gt;<br>
&gt;&gt; ------------------- Reason -------------------<br>
&gt;&gt; ----------------------------------------------<br>
&gt;&gt; Checking reverse dependencies...<br>
&gt;&gt; No dependency problem found.<br>
&gt;&gt; jas@kaka:~/dpkg/golang-github-smallstep-crypto$<br>
&gt;<br>
&gt;<br>
&gt; To be careful, the golang-step-crypto-dev should be removed after all its<br>
&gt; previous rdeps have migrated to testing.<br>

I think this is the case now:<br>

jas@kaka:~/dpkg/golang-gitlab-gitlab-org-api-client-go$ ssh <a href="http://mirror.ftp-master.debian.org" rel="noreferrer" target="_blank">mirror.ftp-master.debian.org</a> &quot;dak rm -Rn -b -s=testing golang-step-crypto-dev&quot;<br>
Will remove the following packages from testing:<br>
golang-step-crypto-dev |   0.24.0-2 | all<br>
Maintainer: Debian Go Packaging Team &lt;<a href="mailto:team%2Bpkg-go@tracker.debian.org" target="_blank">team+pkg-go@tracker.debian.org</a>&gt;<br>
------------------- Reason -------------------<br> ----------------------------------------------<br>
Checking reverse dependencies...<br>
No dependency problem found.<br> jas@kaka:~/dpkg/golang-gitlab-gitlab-org-api-client-go$ <br>

What do you think about reassigning this bug report to <a href="http://ftp.debian.org" rel="noreferrer" target="_blank">ftp.debian.org</a><br>
and renaming subject to:<br>

RM: golang-step-crypto-dev -- RoM; not used, replaced by golang-github-smallstep-crypto </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

Once golang-step-crypto-dev is removed from testing/unstable, the<br>
original problem in this bug report should be resolved. </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

I&#39;m not sure about severity.  Technically this is a RC bug in both of<br> these packages, but the solution to the RC problem is to remove one of<br>
the packages.  But I doubt the <a href="http://ftp.debian.org" rel="noreferrer" target="_blank">ftp.debian.org</a> maintainers would regard<br>
this as a RC bug for them?  Maybe it is acceptable to lower the severity<br> hoping the package will be removed soon.  But if the removal doesn&#39;t<br> happen soon, it feels weird to have RC buggy packages without a proper<br>
RC bug on them.  Helmut, do you have any preference/recommendation?  If<br> someone who understands the bug tracker better than I could do the<br>
rename that would be appreciated.<br></blockquote><div><br></div><div>To avoid the odd-ness of assigning a RC bug to <a href="http://ftp.debian.org">ftp.debian.org</a>,</div><div>I&#39;d rather create a new Removal Request, then block 1100967 with it ?</

<div><br></div></div></div>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Apr 9, 2025 at 11:26 PM Simon Josefsson <simon@josefsson.org> wrote:

Thank you! Some observations - tl;dr: I suggest to remove golang-step-crypto-dev from the archive as discussed in 1) below, and
for us to ignore issue 2) + 3) below, even though they warrant more consideration.

1) Now there are no reverse dependencies on golang-step-crypto-dev any
more, so I think we could ask for removal of that package from the
archive which would resolve https://bugs.debian.org/1100967

[...]

2) However I realized I was wrong in my comment in https://bugs.debian.org/1100967#10 about which package name is the
"proper" one. Upstream's go.mod namespace is still go.step.sm/crypto
even in latest upstream master:

https://github.com/smallstep/crypto/blob/master/go.mod

So then the "correct" package name in Debian really ought to be "golang-step-crypto" after all.... sigh. Should we upload
golang-step-crypto v0.60.0 and migrate all dependencies back to the
proper name, and then remove golang-github-smallstep-crypto?

Sorry for the late reply. But I think it can be better handled.

We can just update golang-step-crypto to 0.57.0-1 and make golang-github-smallstep-crypto-dev as a transitional package.

I prefer we keep the correct package name, aka golang-step-crypto.

--
Shengjing Zhu

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Jérémy Lal <kapouer@melix.org> writes:

2) However I realized I was wrong in my comment in
https://bugs.debian.org/1100967#10 about which package name is the
"proper" one. Upstream's go.mod namespace is still go.step.sm/crypto
even in latest upstream master:

https://github.com/smallstep/crypto/blob/master/go.mod

So then the "correct" package name in Debian really ought to be
"golang-step-crypto" after all.... sigh. Should we upload
golang-step-crypto v0.60.0 and migrate all dependencies back to the
proper name, and then remove golang-github-smallstep-crypto?

Sorry for the late reply. But I think it can be better handled.

We can just update golang-step-crypto to 0.57.0-1 and make
golang-github-smallstep-crypto-dev as a transitional package.

I prefer we keep the correct package name, aka golang-step-crypto.

That solution could be done before soft freeze.

No objection from me, but Shengjing do you still prefer this given that upstream plan to rename the package? The Debian
golang-github-smallstep-crypto package would follow that new name.

https://github.com/smallstep/crypto/issues/579#issuecomment-2790249872

Alas I won't have time to think about what changes is needed to complete
this migration and upload things in the next few days before the soft
freeze, sorry.

I would have noticed and caught this earlier if there was a Salsa CI/CD pipeline check that complained if the package name differ from the Go
naming style guidelines, or we had some similar automatic checking.
Thoughts on adding that? For someone like me who isn't all that
familiar with Go and Go library namespaces, the policy could also
clarify exactly what the "import name" refers to. For me it is
ambiguous (I "import" the package from github.com/smallstep/crypto/...).

/Simon

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQNoBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmf6DCIUHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XQkBQkNZGbwAAoJENc89jjFPAa+BtIA /iR73CfBurG9y8pASh3cbGOMHpDZfMAtosu6jbpO69GHAP4p7l57d+iVty2VQMsx +3TCSAvZkpr4P/FuTzZ8JZe8BrgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZ9F0SgUJDWRmSQCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+wUUBAO64fbZek6FPlRK0DrlWsrjCXuLi6PUxyzCAY6lG2nhUAQC6 qobB9mkZlZ0qihy1x4JRtflqFcqqT9n7iUZkCDIiDbg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XTSBQkNZGboAAoJENc89jjF PAa+0M0BAPPRq73kLnHYNDMniVBOzUdi2XeF32idjEWWfjvyIJUOAP4wZ+ALxIeh is3Uw2BzGZE6ttXQ2Q+DeCJO3TPpIqaXDAAKCRBRcisI/kdFojgdAQDPLVmXwcb5 5Y/6iuIquftZZHxUW6IqSfS5uYaWRakGpQEAgQIVoW2glb+K1FvqWPWNZTYMdVbb R/yc18bIxval/Qo=Zv1e
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is a multi-part message in MIME format...

Your message dated Tue, 15 Apr 2025 17:41:53 +0000
with message-id <E1u4kID-009H0Z-DE@fasolo.debian.org>
and subject line Bug#1102636: Removed package(s) from unstable
has caused the Debian Bug report #1100967,
regarding golang-step-crypto-dev and golang-github-smallstep-crypto-dev have undeclared file conflicts
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


--
1100967: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100967
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

Received: (at submit) by bugs.debian.org; 21 Mar 2025 06:55:14 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
(2021-04-09) on buxtehude.debian.org
X-Spam-Level:
X-Spam-Status: No, score=-35.2 required=4.0 tests=BAYES_00,
BODY_INCLUDES_CONTROL_AFFECTS,BODY_INCLUDES_CONTROL_REASSIGN,
BODY_INCLUDES_PACKAGE,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,
DKIM_VALID_EF,HAS_PACKAGE,SPF_HELO_NONE,SPF_NONE autolearn=ham
autolearn_force=no version=3.4.6-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 25; hammy, 140; neutral, 32; spammy,
0. spammytokens: hammytokens:0.000-+--trixie, 0.000-+--bookworm,
0.000-+--sk:golang, 0.000-+--sk:golang-, 0.000-+--H*F:U*helmut Return-path: <helmut@subdivi.de>
Received: from isilmar-4.linta.de ([136.243.71.142]:41108)
by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_X25519__RSA_