Hi,

On Thu, May 09, 2019 at 07:24:56PM +0200, Salvatore Bonaccorso wrote:
> > On Sun, Nov 11, 2018 at 08:38:36AM +0100, Salvatore Bonaccorso wrote:
> > > On Fri, Nov 09, 2018 at 11:48:27AM +0100, Guillem Jover wrote:
> > > > On Thu, 2018-11-08 at 20:28:57 +0000, Holger Levsen wrote:
> > > > > On Thu, Nov 08, 2018 at 09:24:01PM +0100, Salvatore Bonaccorso wrote:
> > > > > in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869184#40 Guillem
> > > > > wrote:
> > > > >
> > > > > Perhaps the simplest and more correct might be to name it using
> > > > > something like source+amd64 as the arch name, which seems like a
> > > > > dubious arch, but at least is accurate and might be trivial to
> > > > > implement, taking care of not ending up with such fake arch in
> > > > > unexpected places…
> > > > >
> > > > > and I cannot find anything wrong with this simple solution and have
> > > > > already asked Guillem in August to implement this ;)
> > > >
> > > > So, as I mentioned at the time this would require modifying the internal
> > > > filtering of the debian/files entries to cover this case in several of
> > > > the tools. It also modifies the documented filename pattern in
> > > > deb-buildinfo(5). This is all solvable and I should probably just do it.
> > > > But this breaks previous public filename "interfaces", seems rather
> > > > intrusive, and entirely inappropriate for a stable update, which means
> > > > it would not fix your immediate problems anyway, only starting with
> > > > Buster. :/
> > > Although this would not help us for stretch-security uploads, such a
> > > move starting from buster would be very appreciated!

Guillem, back in November Salvatore said they would appreciate this
"source+amd64 as the arch name" solution for this bug (see above), while
now (because nothing happened I believe) he suggests disabling source all
uploads for security builds, which IMO would be a *very* bad and sad
outcome, as I believe source only security uploads are even more desired
than regular source only uploads...

> We regularly get bitten by this issue when contributors to security
> uploads, most recently with the bind9 upload but as well others.
>
> Would it be possible to at least workaround this on dak's side?
> Disabling source-only uploads completely would seem to be a step back
> on that regards.
>
> Though if that's the only way out of having to regularly fetch the
> rejected builds, do manual renamings and resigning and reuploading of
> files, then we should then just disable source-only uploads for the
> security suites again.
>
> So I think we pretty much would prefer to be able to continue so.
>
> Just to be clear, thanks a lot for your work, this is not meant as
> critique, just highlighting that we have recurring issues due to this
> bug when people perform uploads for security.

sigh, understandable...

--
tschau,
	Holger

-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C