On Thu, Feb 11, 2016 at 03:59:19PM +0300, Dmitry Shachnev wrote: > On Thu, Feb 11, 2016 at 12:36:27PM +0100, Matthias Klose wrote: > > So an existing app package gains a new (universe) dependency on libfoo-dev. > > Builds fine, maybe migrates, and then image builds fail because of the > > libfoo1 component mismatch. Now you can either pre-promote the libfoo, or > > re-upload app without the dependency (if that works). This probably will > > lead to more pre-promotions, and looking at the current back-log of security > > related MIRs the time between build and promotion will increase, making it > > probably harder to revert such a change. > > Maybe we can teach Britney to not migrate the packages to release pocket if > they are uninstallable within their component?
I've looked at this before, but I think it's impractically complicated, unfortunately; britney's not really designed for this kind of multi-layered check. > > I'm a bit worried that we'll then have to chase people to subscribe teams to > > the new packages, write the MIR, ... We'll save some time by not processing > > B-D only MIRs, but I think for the remaining MIRs we'll have to spend more > > time. > > But on the other hand we'll have less MIRs for the build-dep-only stuff, which > is quite common (i.e. the JS minifiers or documentation generators). Yeah, there's definitely a trade-off here but I would disagree with Matthias's assessment; I think it's likely to be for the better. One way to look at this is that having less noise from build-only packages should help to reduce the MIR backlog and make it easier to have timely processing. -- Colin Watson [[email protected]] -- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
