hi Guillem,
On Fri, Nov 09, 2018 at 11:55:38AM +0100, Guillem Jover wrote:
> Actually, I guess the other option that might be an option for stable is
> to make dpkg-buildpackage generate the buildinfo file itself, and on
> source-only uploads force the name to be _source.buildinfo regardless
> of
Hi,
On Sat, Aug 17, 2019 at 10:37:43AM +0200, Salvatore Bonaccorso wrote:
> Hi Ansgar,
>
> On Wed, Jun 19, 2019 at 08:39:50AM +0200, Salvatore Bonaccorso wrote:
> > Hi Ansgar,
> >
> > On Tue, Jun 18, 2019 at 09:03:23PM +0200, Ansgar Burchardt wrote:
> > [...]
> > > > Sure, I understand that thin
Hi,
On Fri, Mar 02, 2018 at 01:25:51AM +0100, Guillem Jover wrote:
> On Thu, 2018-03-01 at 15:22:30 +, Holger Levsen wrote:
> > On Wed, Jan 24, 2018 at 04:05:39PM +0100, Salvatore Bonaccorso wrote:
> > > Any news regarding this proposal from Ansgar? We were biten now
> > > several times alread
Hi Ansgar,
On Wed, Jun 19, 2019 at 08:39:50AM +0200, Salvatore Bonaccorso wrote:
> Hi Ansgar,
>
> On Tue, Jun 18, 2019 at 09:03:23PM +0200, Ansgar Burchardt wrote:
> [...]
> > > Sure, I understand that things works like that, I'm just showing a few
> > > design points that could potentially be do
On Mon, 08 Jul 2019 16:39:30 -0700 Vagrant Cascadian wrote:
> On 2019-07-09, Francesco Poli wrote:
[...]
> > Maybe it's a naive question: what's the use of including a .buildinfo
> > file into a source-only upload? Is it superfluous?
>
> It's an attestation from the uploader that they built the p
On 2019-07-09, Francesco Poli wrote:
> On Wed, 19 Jun 2019 08:39:50 +0200 Salvatore Bonaccorso wrote:
>
> [...]
>> On Tue, Jun 18, 2019 at 09:03:23PM +0200, Ansgar Burchardt wrote:
> [...]
>> > We could also just not accept .buildinfo uploads when they don't contain
>> > useful information about p
On Wed, 19 Jun 2019 08:39:50 +0200 Salvatore Bonaccorso wrote:
[...]
> On Tue, Jun 18, 2019 at 09:03:23PM +0200, Ansgar Burchardt wrote:
[...]
> > We could also just not accept .buildinfo uploads when they don't contain
> > useful information about published binaries, that is for source-only
> >
Hi Ansgar,
On Tue, Jun 18, 2019 at 09:03:23PM +0200, Ansgar Burchardt wrote:
[...]
> > Sure, I understand that things works like that, I'm just showing a few
> > design points that could potentially be done differently.
>
> We could also just not accept .buildinfo uploads when they don't contain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, 2019-06-18 at 21:20 +0200, Mattia Rizzolo wrote:
> That would indeed be a fine workaround for me, and reduce the load the
> security team is experience, since it's the team which is the most
> affect by this.
> (Incidentally, it also is the s
On Tue, Jun 18, 2019 at 09:03:23PM +0200, Ansgar Burchardt wrote:
> > Also here, it feels to me that once something is accepted into a policy
> > queue, dak should already consider it something controlled by itself,
> > store checksums in the database and be done, not keep the .changes
> > around a
Mattia Rizzolo writes:
> On Tue, Jun 18, 2019 at 06:29:12PM +0200, Ansgar Burchardt wrote:
>> The .buildinfo files are referred to in the .changes files; renaming
>> them would require updating the .changes file. The .changes files are
>> used to upload the security updates to ftp-master.
>
> With
On Tue, Jun 18, 2019 at 06:29:12PM +0200, Ansgar Burchardt wrote:
> The .buildinfo files are referred to in the .changes files; renaming
> them would require updating the .changes file. The .changes files are
> used to upload the security updates to ftp-master.
With .changes being ephemeral, it f
On Mon, 2019-06-17 at 13:12 -0700, Vagrant Cascadian wrote:
> > This behaviour is really causing issues for the security-archive so in
> > one way or the other there needs to be a solution. Regularly we need
> > to fetch the buildd changes and build binary packages, resign them and
> > reupload the
On 2019-06-17, Salvatore Bonaccorso wrote:
> On Sun, Jun 16, 2019 at 01:49:24PM -0400, Daniel Kahn Gillmor wrote:
>> On Sun 2019-06-16 15:50:55 +0200, Ivo De Decker wrote:
>> > As "--changes-option=-S" creates an upload that is broken from the point of
>> > view of the archive, it might make sense
Hi Daniel,
On Sun, Jun 16, 2019 at 01:49:24PM -0400, Daniel Kahn Gillmor wrote:
> On Sun 2019-06-16 15:50:55 +0200, Ivo De Decker wrote:
> > As "--changes-option=-S" creates an upload that is broken from the point of
> > view of the archive, it might make sense not to recommend (or even allow)
>
On Sun 2019-06-16 15:50:55 +0200, Ivo De Decker wrote:
> As "--changes-option=-S" creates an upload that is broken from the point of
> view of the archive, it might make sense not to recommend (or even allow) this
> for now. Just building with "-S" instead should create a buildinfo file with
> _sou
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sun, 2019-06-16 at 15:50 +0200, Ivo De Decker wrote:
> > We regularly get biten by this issue when contributors to security
> > uploads, most recently with the bind9 upload but as well others.
>
> Is it clear in what cases this issue happens? Gui
Hi,
Last week, Salvatore pointed me at this bug and Holger mentioned it in his
talk.
On Thu, May 09, 2019 at 07:24:56PM +0200, Salvatore Bonaccorso wrote:
[...]
> We regularly get biten by this issue when contributors to security
> uploads, most recently with the bind9 upload but as well others
Hi,
On Thu, May 09, 2019 at 07:24:56PM +0200, Salvatore Bonaccorso wrote:
> > On Sun, Nov 11, 2018 at 08:38:36AM +0100, Salvatore Bonaccorso wrote:
> > > On Fri, Nov 09, 2018 at 11:48:27AM +0100, Guillem Jover wrote:
> > > > On Thu, 2018-11-08 at 20:28:57 +, Holger Levsen wrote:
> > > > > On T
Hi,
On Sat, Mar 09, 2019 at 03:00:10PM +0100, Salvatore Bonaccorso wrote:
> Hi
>
> The following question goes maybe specifically to Ansgar, from
> dak/ftp-master perspective:
>
> On Sun, Nov 11, 2018 at 08:38:36AM +0100, Salvatore Bonaccorso wrote:
> > Hi Guillem!
> >
> > On Fri, Nov 09, 2018
Hi
The following question goes maybe specifically to Ansgar, from
dak/ftp-master perspective:
On Sun, Nov 11, 2018 at 08:38:36AM +0100, Salvatore Bonaccorso wrote:
> Hi Guillem!
>
> On Fri, Nov 09, 2018 at 11:48:27AM +0100, Guillem Jover wrote:
> > Hi!
> >
> > On Thu, 2018-11-08 at 20:28:57 +00
Hi Guillem!
On Fri, Nov 09, 2018 at 11:48:27AM +0100, Guillem Jover wrote:
> Hi!
>
> On Thu, 2018-11-08 at 20:28:57 +, Holger Levsen wrote:
> > On Thu, Nov 08, 2018 at 09:24:01PM +0100, Salvatore Bonaccorso wrote:
> > > We were again biten by this issue for some security-updates (most
> > > r
On Fri, 2018-11-09 at 11:55:38 +0100, Guillem Jover wrote:
> Actually, I guess the other option that might be an option for stable is
> to make dpkg-buildpackage generate the buildinfo file itself, and on
> source-only uploads force the name to be _source.buildinfo regardless
> of the options passe
Hi!
On Fri, 2018-11-09 at 11:48:27 +0100, Guillem Jover wrote:
> On Thu, 2018-11-08 at 20:28:57 +, Holger Levsen wrote:
> > On Thu, Nov 08, 2018 at 09:24:01PM +0100, Salvatore Bonaccorso wrote:
> > > We were again biten by this issue for some security-updates (most
> > > recent one nginx). Do
Hi!
On Thu, 2018-11-08 at 20:28:57 +, Holger Levsen wrote:
> On Thu, Nov 08, 2018 at 09:24:01PM +0100, Salvatore Bonaccorso wrote:
> > We were again biten by this issue for some security-updates (most
> > recent one nginx). Do any involved parties know, was there any
> > progress in adressing
Hi,
On Thu, Nov 08, 2018 at 09:24:01PM +0100, Salvatore Bonaccorso wrote:
> We were again biten by this issue for some security-updates (most
> recent one nginx). Do any involved parties know, was there any
> progress in adressing this problem?
in https://bugs.debian.org/cgi-bin/bugreport.cgi?bu
Hi
We were again biten by this issue for some security-updates (most
recent one nginx). Do any involved parties know, was there any
progress in adressing this problem?
Sorry I know, probably patches and ideas welcome, but I cannot
contribute here, take my question please just from my "users"
poi
On 2018-03-01, Guillem Jover wrote:
> On Thu, 2018-03-01 at 15:22:30 +, Holger Levsen wrote:
>> On Wed, Jan 24, 2018 at 04:05:39PM +0100, Salvatore Bonaccorso wrote:
>> We (reproducible builds) really dont want "our" tools (=.buildinfo files)
>> to cause grief to other teams in Debian, and espe
Hi Guillem,
people are still affected by this bug...
On Fri, Mar 02, 2018 at 01:25:51AM +0100, Guillem Jover wrote:
> Perhaps the simplest and more correct might be to name it using
> something like source+amd64 as the arch name, which seems like a
> dubious arch, but at least is accurate and mig
Hi Guillem,
On Fri, Mar 02, 2018 at 01:25:51AM +0100, Guillem Jover wrote:
> On Thu, 2018-03-01 at 15:22:30 +, Holger Levsen wrote:
> > On Wed, Jan 24, 2018 at 04:05:39PM +0100, Salvatore Bonaccorso wrote:
> > > Any news regarding this proposal from Ansgar? We were biten now
> > > several time
On Thu, 2018-03-01 at 15:22:30 +, Holger Levsen wrote:
> On Wed, Jan 24, 2018 at 04:05:39PM +0100, Salvatore Bonaccorso wrote:
> > Any news regarding this proposal from Ansgar? We were biten now
> > several times already by this (e.g. php update, curl via
> > security.d.o).
>
> Guilem, what's
On Wed, Jan 24, 2018 at 04:05:39PM +0100, Salvatore Bonaccorso wrote:
> Any news regarding this proposal from Ansgar? We were biten now
> several times already by this (e.g. php update, curl via
> security.d.o).
Guilem, what's your stance on this bug?
We (reproducible builds) really dont want "ou
Hi
On Wed, Jan 24, 2018 at 04:05:39PM +0100, Salvatore Bonaccorso wrote:
> Hello,
>
> On Thu, Oct 19, 2017 at 03:13:15PM +0200, Salvatore Bonaccorso wrote:
> > Hi Ansgar,
> >
> > On Thu, Oct 05, 2017 at 09:01:59PM +0200, Ansgar Burchardt wrote:
> > > Hi,
> > >
> > > > source-only uploads someti
Hi,
On Wed, Jan 24, 2018 at 04:05:39PM +0100, Salvatore Bonaccorso wrote:
> Hello,
>
> On Thu, Oct 19, 2017 at 03:13:15PM +0200, Salvatore Bonaccorso wrote:
> > Hi Ansgar,
> >
> > On Thu, Oct 05, 2017 at 09:01:59PM +0200, Ansgar Burchardt wrote:
> > > Hi,
> > >
> > > > source-only uploads someti
Hello,
On Thu, Oct 19, 2017 at 03:13:15PM +0200, Salvatore Bonaccorso wrote:
> Hi Ansgar,
>
> On Thu, Oct 05, 2017 at 09:01:59PM +0200, Ansgar Burchardt wrote:
> > Hi,
> >
> > > source-only uploads sometimes include a _amd64.buildinfo (or other
> > > architecture). This sometimes causes problem
Hi Ansgar,
On Thu, Oct 05, 2017 at 09:01:59PM +0200, Ansgar Burchardt wrote:
> Hi,
>
> > source-only uploads sometimes include a _amd64.buildinfo (or other
> > architecture). This sometimes causes problems as the amd64 buildd
> > upload will include a file using the same name.
>
> This broke tw
Hi,
> source-only uploads sometimes include a _amd64.buildinfo (or other
> architecture). This sometimes causes problems as the amd64 buildd
> upload will include a file using the same name.
This broke two uploads to the security archive again. That's not great,
so this bug really should be fix
Package: dpkg
Version: 1.18.24
Severity: important
source-only uploads sometimes include a _amd64.buildinfo (or other
architecture). This sometimes causes problems as the amd64 buildd
upload will include a file using the same name.
In particular, it breaks any uploads going to policy queues
(e.g
38 matches
Mail list logo
