Bug#869184: dpkg: source uploads including _amd64.buildinfo cause problems
Salvatore Bonaccorso
carnil at debian.org
Wed Jun 19 07:39:50 BST 2019
Hi Ansgar,
On Tue, Jun 18, 2019 at 09:03:23PM +0200, Ansgar Burchardt wrote:
[...]
> > Sure, I understand that things works like that, I'm just showing a few
> > design points that could potentially be done differently.
>
> We could also just not accept .buildinfo uploads when they don't contain
> useful information about published binaries, that is for source-only
> uploads.
>
> Maybe I should reenable the check for this at least on security-master?
> It was rejecting uploads that are okay for unstable/experimental so I
> disabled it again the last time.
Thank you I think that would be a good compromise. Source-only uploads
remain possible for security uploads, and ftp-masters and security
team members do not need to roundtrip reuploading binary builds
(download, rename, resign ... reupload) and instead uploads which
contain a buildinfo file rejected giving the uploader a explanation
why, and the possiblity to just reupload a "proper" source only one.
Regards,
Salvatore
More information about the Reproducible-builds
mailing list