On Fri, November 11, 2011 22:41, Julien Cristau wrote: > On Fri, Nov 11, 2011 at 22:24:33 +0100, Florian Weimer wrote: > >> * Adam D. Barratt: >> >> > The i386 .changes file has a signature from 2011-11-07, which would >> tie >> > in with the second file above. The only i386 build of this version I >> > can see in the wanna-build database is from June, so I assume it was >> > rebuilt for some reason, including the arch-indep packages, and the >> > packages from the rebuild somehow ended up being installed in the >> > security archive instead of the originals. >> >> If I understand things correctly, the i386 package had to be rebuilt >> because the buildd's key expired before upload to the archive. It's >> unfortunate that this caused further issues, but I don't think any ill >> things are going on here. >> > buildd key expired means the package has to be re-signed, not rebuilt. > And doesn't explain why security and ftp-master ended up with different > sets of packages.
This was probably me. I cannot reproduce the exact details, but installation of xen was kind of a clusterchallenge: indeed some of the buildd keys expired, but also the packages I installed (without errors) didn't have the orig tarballs included because when accepted in April there was still a previous upload of xen in the queue that did have an orig tarball. I had to jump through several hoops and tries to get something both with an orig tarball and signed by nonexpired keys installed for all archs. Apparently this lead to the current situation of the different archives having accepted different builds of the same source. I'm fine with just replacing the copy on ftp-master with the build from security-master, which would seem to solve the issue. Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
