Bug#869184: dpkg: source uploads including _amd64.buildinfo cause problems
Yves-Alexis Perez
corsac at debian.org
Wed Jun 19 07:32:56 BST 2019
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Tue, 2019-06-18 at 21:20 +0200, Mattia Rizzolo wrote:
> That would indeed be a fine workaround for me, and reduce the load the
> security team is experience, since it's the team which is the most
> affect by this.
> (Incidentally, it also is the same way launchpad works, there you can't
> upload a .buildinfo for an arch that you aren't uploading, and humans
> can't upload binaries, so you can't upload .buildinfo for binaries at
> all).
But some tools (at least pbuilder) generate such (meaningful, since there was
a binary build) files. It's already been said earlier but if the uploads are
considered invalid it should be consistent accross the archive (not just on
security-master) and tools should not generate them.
Regards,
- --
Yves-Alexis
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAl0J1xkACgkQ3rYcyPpX
RFsxowgA7bIn+1RfeJ6J7xv7Gxjh+WE5xZGbhOv+sDWgVwkJDiPAiW4tIMKU6qrw
17ghR+m7jo1PNZqr+boDZ851UVQOD5ii4SsyWBbesbMLPn2hNaBZN93El3pe4ni0
EgIeePe2d6wez+zZjiubdKEAZMuf7ezq3+9EuXuQDjSKmWV6PSu90i5/ncl6AByW
/3SWQmt4sgUlr6HoR60B586d3eVVg82Hd/0GQBPinkgyp57G+R4z7HpRTPrYFmM3
QRIkcBhBcvG4FI7AdV/b1ki0iXPvwXrucOTxzBKWoehqFwA3kvJUZf+vBi9I93VW
THIx8duOD0M7VoLNS6ohJHWZ8MyWrg==
=xZJB
-----END PGP SIGNATURE-----
More information about the Reproducible-builds
mailing list