Bug#869184: dpkg: source uploads including _amd64.buildinfo cause problems
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 11 07:38:36 GMT 2018
Hi Guillem!
On Fri, Nov 09, 2018 at 11:48:27AM +0100, Guillem Jover wrote:
> Hi!
>
> On Thu, 2018-11-08 at 20:28:57 +0000, Holger Levsen wrote:
> > On Thu, Nov 08, 2018 at 09:24:01PM +0100, Salvatore Bonaccorso wrote:
> > > We were again biten by this issue for some security-updates (most
> > > recent one nginx). Do any involved parties know, was there any
> > > progress in adressing this problem?
>
> Sorry, had your earlier mail from July marked for reply, but it seems
> I missed that. :/
>
> > in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869184#40 Guillem
> > wrote:
> >
> > Perhaps the simplest and more correct might be to name it using
> > something like source+amd64 as the arch name, which seems like a
> > dubious arch, but at least is accurate and might be trivial to
> > implement, taking care of not ending up with such fake arch in
> > unexpected places…
> >
> > and I cannot find anything wrong with this simple solution and have
> > already asked Guillem in August to implement this ;)
>
> So, as I mentioned at the time this would require modifing the internal
> filtering of the debian/files entries to cover this case in several of
> the tools. It also modifies the documented filename pattern in
> deb-buildinfo(5). This is all solvable and I should probably just do it.
> But this breaks previous public filename "interfaces", seems rather
> intrusive, and entirely inappropriate for a stable update, which means
> it would not fix your immediate problems anyway, only starting with
> Buster. :/
Although this would not help us for stretch-security uploads, such a
move starting from buster would be very appreciated!
Thanks a lot for your time investing in it, very much appreicated.
Regards,
Salvatore
More information about the Reproducible-builds
mailing list