maintainer built binary package in stable release, still (Re: Bug#1054401: bookworm-pu: package nagios-plugins-contrib/42.20230308+deb12u1)
Adrian Bunk
bunk at debian.org
Thu Dec 7 21:00:13 GMT 2023
On Thu, Dec 07, 2023 at 09:38:47PM +0100, Salvatore Bonaccorso wrote:
>...
> Hmm technically likely right, but in security we cannot very well
> handle the binNMUs (only if the source is already present there,
> otherwise ftp-masters need to inject the sources first).
>
> This is related to
> https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecFull?highlight=%28gen-DSA%29#BinNMUs
> and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823820 (well
> more broadly to have source available).

This shouldn't be a problem here, we are talking about binNMUs
immediately after sources+binaries had been uploaded to security.[1]

And the most common case (e.g. cacti or jtreg6) is that the uploads to
security should have been source-only, AFAIK uploads to security-stable
do not hit NEW when the source and binary packages are already in stable.

> Regards,
> Salvatore

cu
Adrian

[1] assuming no binary-all packages are involved