Hi Ansgar, On Tue, Jun 18, 2019 at 09:03:23PM +0200, Ansgar Burchardt wrote: [...] > > Sure, I understand that things works like that, I'm just showing a few > > design points that could potentially be done differently. > > We could also just not accept .buildinfo uploads when they don't contain > useful information about published binaries, that is for source-only > uploads. > > Maybe I should reenable the check for this at least on security-master? > It was rejecting uploads that are okay for unstable/experimental so I > disabled it again the last time.
Thank you I think that would be a good compromise. Source-only uploads remain possible for security uploads, and ftp-masters and security team members do not need to roundtrip reuploading binary builds (download, rename, resign ... reupload) and instead uploads which contain a buildinfo file rejected giving the uploader a explanation why, and the possiblity to just reupload a "proper" source only one. Regards, Salvatore
