On Fri, Nov 28, 2025, at 11:24 PM, Adrian Bunk wrote: > On Fri, Nov 28, 2025 at 04:27:08PM +0900, Simon Richter wrote: >> Hi, >> >> On 11/28/25 2:24 PM, Adrian Bunk wrote: >> >> > > There is significant established practice for using arch:all in this >> > > way. >> >> > Which is not particularly relevant when building an architecture >> > ecosystem in arch:all would prevent providing security support. >> >> The way I understand it, the problem isn't the arch:all, but the static >> linking. >> >> Sourceful uploads to fix an issue are unproblematic, because they generate >> new arch:all packages anyway. >> >> The worst case we need to look at is that we need to rebuild all dependent >> packages, >>... > > How do you generate and sign potentially hundreds or thousands of > sourceful uploads for these dependent packages?
thanks, now I understand your concerns much better! if we reach a point where we have hundreds or thousands of packages building for WASM or BPF targets, then yes, we need a solution. I think that solution would/should go more in the direction of moving them to a partial architecture, or fixing arch:all binNMUs (/automating source no-change bumps), rather than pretending those packages are all arch-specific and duplicating them across all archs to allow binNMUing them.. I suspect the number of such packages will be tiny for forky, and still rather small for duke.
