On Wed, Jul 21, 2021 at 05:48:52PM +0200, Stig Sandbeck Mathisen wrote: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: binnmu > > Hello, > > Please do a BinNMU of "varnish-modules" to ensure that the "varnish" security > fix can migrate to testing. > > Background: After upgrading "varnish" from 6.5.1 to 6.5.2, the module > "bodyaccess" in this package fails to load, which was discovered with > autopkgtest. The "bodyaccess" module has a stricter dependency on the Varnish > version than the dependency declared in the "varnish-modules" package. > > Getting the correct dependency into "varnish-modules" is tracked in > https://bugs.debian.org/991348,
I am not a member of the release team, but shouldn't #991348 be a release critical bug in any case? An security update of varnish after bullseye became stable could cause to same problem, breaking production systems of our users. > but a rebuild of "varnish-modules" against the > new varnish package may be a faster fix due to the freeze. >... Doing first an NMU and then the proper fix of varnish-modules for bullseye is not faster than doing the proper fix for varnish-modules right away. cu Adrian