Hi Ansgar,
On 20-05-2019 09:06, Ansgar wrote:
> I though about importing the full source to security-master already for
> a different reason: `Built-Using` leads to a similar problem as binNMUs
> in that uploads require source that is not already present in the
> archive.
>
> It is not necessary to push all sources to the public mirrors.
Does this mean you think it is feasible to do/fix this in the near future?
>> Another solution already raised by Shengjing is to merge the archives. I
>> *guess* that is undesirable due to the fact that the security archive
>> often has embargoed sources and binaries. Am I right there?
>
> That doesn't work as dak doesn't try to keep secrets. There are various
> ways information would be leaked about embargoed issues (mails,
> database, web interface (rmadison), ...).
>
> I personally also don't find it too bad to have a fallback: if one of
> the hosts is broken at the same time we have to release a critical
> update, we can still do so by publishing via the "wrong" archive.
Regarding my other direction with wanna-build, I learned yesterday via
another bug (#894441 binNMUs should be replaced by easy no-change
uploads) that wanna-build is not in the place to fix this because
uploads need to be signed.
Paul
signature.asc
Description: OpenPGP digital signature