Hi Adam, On Thu, Dec 07, 2023 at 01:56:34PM +0000, Adam D. Barratt wrote: > On Thu, 2023-12-07 at 12:40 +0100, Paul Gevers wrote: > > Hi, > > > > On 07-12-2023 12:20, Adrian Bunk wrote: > > > On Thu, Dec 07, 2023 at 11:18:42AM +0100, Paul Gevers wrote: > > > > I hope that in several hours, > > > > https://release.debian.org/britney/excuses_s-p-u.html will have > > > > the answer. > > > > > > it should find packages like jtreg6 that are scheduled for the next > > > point release, but it won't find packages like gmp that went into > > > bullseye 2 years ago. > > > > Ack. Indeed it spots: > > cacti, fastdds, freetype, grub-efi-amd64-signed, grub-efi-arm64- > > signed, > > grub-efi-ia32-signed, jtreg6, llvm-toolchain-16, node-babel7, > > node-browserify-sign and slurm-wlm. A bunch of them have arch:all > > binaries. > > Heh at cacti being in the list. :-) > > fwiw the grub-efi-*-signed packages were built on buildds, in the > security archive. They got rejected when they were copied over to ftp- > master, due to the grub2 versus grub-efi-* naming issue that's been > mentioned on debian-release before. In order to get them into stable- > new, I resigned the changes files and re-uploaded them. The packages > themselves are identical to those released via security.d.o (they're > the same files). > > Similarly, the two fastdds uploads were rejected between the security > archive and ftp-master as the buildd keys had expired in the meantime, > so I simply re-signed and re-uploaded them. > > Relatedly, if a binary upload was performed to the security archive > then any binNMUs should likely happen there and then be synced across > to stable, otherwise we're only resolving part of the issue.
Hmm technically likely right, but in security we cannot very well handle the binNMUs (only if the source is already present there, otherwise ftp-masters need to inject the sources first). This is related to https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecFull?highlight=%28gen-DSA%29#BinNMUs and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823820 (well more broadly to have source available). Regards, Salvatore