[Pkg-javascript-devel] Bug#1074059: bookworm-pu: package nodejs/18.19.0+dfsg-6~deb12u2
Andres Salomon
dilinger at queued.net
Wed Jul 3 22:04:10 BST 2024
On 6/25/24 16:34, Jérémy Lal wrote:
>
>
> Le mar. 25 juin 2024 à 22:22, Salvatore Bonaccorso <carnil at debian.org
> <mailto:carnil at debian.org>> a écrit :
[...]
>
> Thanks a lot for your work Adrian. Please note that there is currently
> a nodejs upload pending for releasing via a DSA, which will rebase
> nodejs to 18.20.3+dfsg-1~deb12u1 so this might invalidate those
> changes.
>
> Jérémy, Aron is that something you want to have included in your
> prepared update?
>
>
> Indeed, it's applied to 18.20.3+dfsg-1~deb12u1, along with other skipped
> tests.
> I'll resume work on this by the end of the week.
>
While we wait for this, is there any reason to keep the existing
18.20.3+dfsg-1~deb12u1 upload in the embargoed security queue? Security
packages are actively building against it, which is a bit of a problem
for reproducibility. Someone actually asked me about oddities in the
chromium package that was originally built for bookworm-security, and
now sits in the 12.6 point release. It turns out that it built against
the embargoed nodejs, but since that nodejs package was never released,
they can't use it to reproduce the chromium in 12.6.
If there's a new nodejs bookworm-security package being uploaded at some
point and the currently embargoed nodejs package will never be released,
perhaps we should REJECT it now?
--
I'm available for contract & employment work, see:
https://spindle.queued.net/~dilinger/resume-tech.pdf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20240703/131c0c70/attachment.sig>
More information about the Pkg-javascript-devel
mailing list