On 05.04.23 14:36, Philipp Hahn wrote:
Hello Tobias,
Am 05.04.23 um 14:27 schrieb Philipp Hahn:
According to
<https://tracker.debian.org/media/packages/f/firmware-nonfree/changelog-20190114really20220913-0deb10u1> you uploaded the package to "buster-security", but only the source package made it into the archive; the binary packages are still missing in <http://ftp.de.debian.org/debian-security/pool/updates/non-free/f/firmware-nonfree/>.
In the past that already happened multiple times for other packages
like "amd64-microcode" as some(?) packages from "non-free" are not
build by Debians auto-builders and must be allow-listed.
Can you please have a look?
Same for intel-microcode:
<https://tracker.debian.org/media/packages/i/intel-microcode/changelog-3.20230214.1deb10u1>
<https://packages.debian.org/source/oldstable/updates/intel-microcode>
<http://ftp.de.debian.org/debian-security/pool/updates/non-free/i/intel-microcode/>
I suppose there has been a long-standing assumption that non-free does
not get security support, so non-free{,-firmware} is not actually
autobuilt for -security suites right now. And maintainers uploaded
binaries manually with their security uploads for that reason. It does
look like we should revisit that.
Kind regards
Philipp Kern
