-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, 2019-06-16 at 15:50 +0200, Ivo De Decker wrote: > > We regularly get biten by this issue when contributors to security > > uploads, most recently with the bind9 upload but as well others. > > Is it clear in what cases this issue happens? Guillem mentioned > "dpkg-buildpackage --changes-option=-S" in https://bugs.debian.org/869184#75 > Are there any other use cases that trigger it? > > As "--changes-option=-S" creates an upload that is broken from the point of > view of the archive, it might make sense not to recommend (or even allow) this > for now. Just building with "-S" instead should create a buildinfo file with > _source, which won't trigger this issue.
I'm my case I'm just using pbuilder with SOURCE_ONLY_CHANGES=yes, so it builds a complete (arch:all + arch:any) package, then generate a .changes for source- only upload (but there's the amd64.buildinfo included). Regards, - -- Yves-Alexis -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAl0GWt8ACgkQ3rYcyPpX RFtQ8ggAnZSlfTWlEx4sLTfq59wI7ooeFwqRn84tuF5o9wGkmu6TiqvL5iKiw2l5 4j8x/bmwvTw4VE4QW7tMCnZ3VEfiZA4NXBkFVoCvwhiDFKWhzZL058yfoRqMMIhf O/GAnZ0FIjwn3s0k5K6TEFPHNA9CdIhHWtLBnzVfwIZt3QeuVYE0CTE9ZehTrGZe ygr2mlyNjO+izUwqlacwyDV7vH6p0789I6ulYKn/2AfxRxf/S7C+GmKbIrXy8e+9 xTWDcuudK9BmZU2WjtzY43ER7gyzFx8AHv89AXmWZ9jcaBiFcbd0K7pKnAPsY/+x +FwaxjrWWoIquJezCQ0RGmtPdxpE3Q== =L3gm -----END PGP SIGNATURE-----
