On Thu, Dec 07, 2023 at 01:56:34PM +0000, Adam D. Barratt wrote: >... > Relatedly, if a binary upload was performed to the security archive > then any binNMUs should likely happen there and then be synced across > to stable, otherwise we're only resolving part of the issue.
I'd start one step earlier: Most affected uploads should never have contained binaries. There are some rare cases where a package in -security or -pu hits NEW, but most cases look more like people wrongly assuming binaries would be required for stable-new or stable-security. You don't hit NEW in stable-security or stable-pu when the package is already in stable. > Regards, > > Adam cu Adrian _______________________________________________ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds