On 12/04/2010 02:24 AM, Martin Pitt wrote: > Hello Brad, > > Brad Figg [2010-12-03 8:13 -0800]: >> We are building using a non-virtualized ppa builder which is configured >> to only have a build dependency for -security in the same manner that >> the security team builds with. > > So, frankly I still don't quite see why this two-staged approach is > necessary now, but if it works better for you, then ok. However, as I > said we need to reenginer the review tools to work with PPAs first. > > Martin
Martin, As I tried to explain in my previous reply. This is done because the -proposed uploads also contain CVEs. Once the -proposed passes our verefication, certification and regression testing and is ready to go to -updates, it can also be pocket copied to -security. It is my understanding that had we built this in the normal manner, the resulting package could not be just copied to the -security pocket. Maybe part of the problem here is that I'm not explaining it clearly. Brad -- Brad Figg [email protected] http://www.canonical.com -- technical-board mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/technical-board
