Brad Figg [2010-12-04 8:30 -0800]: > As I tried to explain in my previous reply. This is done because the -proposed > uploads also contain CVEs. Once the -proposed passes our verefication, > certification > and regression testing and is ready to go to -updates, it can also be pocket > copied to -security. It is my understanding that had we built this in the > normal manner, the resulting package could not be just copied to the -security > pocket.
This is an issue for non-kernel SRUs, as they might be built against libraries in -proposed with new symbols which aren't yet available in -updates. As the kernel doesn't have runtime dependencies, this case can't happen. The only corner case that I can see for this is if we have a new toolchain bit in -proposed (like gcc or libtool) which isn't verified yet, so that the new kernel gets built with that. This happens very seldomly, though, and I don't think it's an important enough case to warrant making the normal kernel review process a lot harder? Thanks, Martin -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) -- technical-board mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/technical-board
