On 6/25/24 16:34, Jérémy Lal wrote:
Le mar. 25 juin 2024 à 22:22, Salvatore Bonaccorso <car...@debian.org <mailto:car...@debian.org>> a écrit :
[...]
Thanks a lot for your work Adrian. Please note that there is currently a nodejs upload pending for releasing via a DSA, which will rebase nodejs to 18.20.3+dfsg-1~deb12u1 so this might invalidate those changes. Jérémy, Aron is that something you want to have included in your prepared update?Indeed, it's applied to 18.20.3+dfsg-1~deb12u1, along with other skipped tests.I'll resume work on this by the end of the week.
While we wait for this, is there any reason to keep the existing 18.20.3+dfsg-1~deb12u1 upload in the embargoed security queue? Security packages are actively building against it, which is a bit of a problem for reproducibility. Someone actually asked me about oddities in the chromium package that was originally built for bookworm-security, and now sits in the 12.6 point release. It turns out that it built against the embargoed nodejs, but since that nodejs package was never released, they can't use it to reproduce the chromium in 12.6.
If there's a new nodejs bookworm-security package being uploaded at some point and the currently embargoed nodejs package will never be released, perhaps we should REJECT it now?
-- I'm available for contract & employment work, see: https://spindle.queued.net/~dilinger/resume-tech.pdf
OpenPGP_signature.asc
Description: OpenPGP digital signature