
Re: security updates of Golang packages



Hi Thorsten,

On 25-04-2022 23:47, Thorsten Alteholz wrote:
> On Sun, 24 Apr 2022, Paul Gevers wrote:
>> If I understand correctly, if this is only about rebuilds, just request a binNMU with the usual process (reportbug recommended).
>
> from my point of view binNMUs are not the right way here.
> Due to possibly long dependency chains of golang packages, the order of uploads would be important. Trying to keep this order with binNMU bugs seems to be rather error-prone. Especially as the buildds on different architectures work at different rates. What I had in mind was to change the dependencies of all affected packages to versioned dependencies with (>= the new version). So the uploads are not only rebuilds but really new versions of a package.

But if you have the tooling to create such versioned dependencies (and you'd need those to get everything right), then we could use the same tools to add Depwait on the binNMUs and the build order would be correct again.

>> Your link [1] points at the issues we have with security support *via the security archive*.
>
> Yes, but those updates would have the same problem, right? And both have in common that currently there is no tooling available ...

Sure, tooling is a big problem, but on top of that a big problem with the security archive is that it doesn't have the sources for packages that have never seen a security upload. Which means we can't even binNMU there in those cases.

Paul
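The build-order problem discussed in this exchange (a Go library gets a security fix, everything that statically links it has to be rebuilt, and the rebuilds must happen in dependency order, either as sourceful uploads with versioned Build-Depends or as binNMUs with Dep-Waits), worked through as an added example. This is not code from this thread or from any Debian tool: the stanzas are constructed sample data loosely modelled on the Source/Binary/Build-Depends fields of an apt Sources index, and all package names and versions in it (golang-github-example-*, example-tool, 1.2.3-2, 0.5.0-3) are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample (hypothetical package names/versions), loosely modelled on
# the Source/Binary/Build-Depends fields of an apt Sources index.
# golang-github-example-vuln gets the security fix; Go links statically, so
# every source that (transitively) build-depends on it must be rebuilt in order.
SAMPLE_SOURCES = """\
Source: golang-github-example-vuln
Binary: golang-github-example-vuln-dev
Build-Depends: debhelper-compat (= 13), dh-golang, golang-any

Source: golang-github-example-mid
Binary: golang-github-example-mid-dev
Build-Depends: debhelper-compat (= 13), dh-golang, golang-any, golang-github-example-vuln-dev

Source: golang-github-example-top
Binary: golang-github-example-top-dev
Build-Depends: debhelper-compat (= 13), dh-golang, golang-any, golang-github-example-mid-dev, golang-github-example-vuln-dev

Source: example-tool
Binary: example-tool
Build-Depends: debhelper-compat (= 13), dh-golang, golang-any, golang-github-example-top-dev

Source: golang-github-example-other
Binary: golang-github-example-other-dev
Build-Depends: debhelper-compat (= 13), dh-golang, golang-any
"""
DEP_NAME = re.compile(r"\s*([a-z0-9][a-z0-9+.-]*)")

def parse_sources(text):
    """source -> {"binaries": [...], "build_deps": [raw comma-separated items]}."""
    stanzas = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        f = {k.strip(): v.strip() for k, _, v in (ln.partition(":") for ln in block.splitlines())}
        stanzas[f["Source"]] = {
            "binaries": [b.strip() for b in f.get("Binary", "").split(",") if b.strip()],
            "build_deps": [d.strip() for d in f.get("Build-Depends", "").split(",") if d.strip()],
        }
    return stanzas

def dep_names(item):
    """Package names in one Build-Depends item; handles 'a | b' alternatives."""
    return [m.group(1) for m in map(DEP_NAME.match, item.split("|")) if m]

def source_graph(stanzas):
    """source -> set of other sources it build-depends on (via their binaries)."""
    provider = {b: s for s, st in stanzas.items() for b in st["binaries"]}
    return {s: {provider[n] for item in st["build_deps"] for n in dep_names(item)
                if n in provider and provider[n] != s} for s, st in stanzas.items()}

def affected_sources(stanzas, fixed):
    """`fixed` plus every source that transitively build-depends on it."""
    rdeps = defaultdict(set)
    for s, deps in source_graph(stanzas).items():
        for d in deps:
            rdeps[d].add(s)
    seen, stack = {fixed}, [fixed]
    while stack:
        new = rdeps[stack.pop()] - seen
        seen |= new
        stack.extend(new)
    return seen

def upload_order(stanzas, fixed):
    """Kahn's topological sort over the affected set: a source is listed only after
    everything it build-depends on. Alphabetical tie-break keeps the result stable;
    a build-dependency cycle raises rather than silently dropping packages."""
    graph, affected = source_graph(stanzas), affected_sources(stanzas, fixed)
    pending = {s: graph[s] & affected for s in affected}
    order = []
    while pending:
        ready = sorted(s for s, deps in pending.items() if not deps)
        if not ready:
            raise ValueError("build-dependency cycle among %s" % sorted(pending))
        order += ready
        pending = {s: deps - set(ready) for s, deps in pending.items() if s not in ready}
    return order

def dep_waits(stanzas, fixed):
    """binNMU variant: for each affected source, the affected sources whose new
    binaries must exist first (what a Dep-Wait on the buildds would encode)."""
    graph, affected = source_graph(stanzas), affected_sources(stanzas, fixed)
    return {s: sorted(graph[s] & affected) for s in affected if s != fixed}

def versioned_build_depends(stanzas, source, fixed, new_versions):
    """Sourceful-upload variant: rewrite the Build-Depends of `source` so every
    rebuilt binary is required at its new version. `new_versions` maps binary
    package -> version produced by the fixed rebuild (constructed values only)."""
    affected = affected_sources(stanzas, fixed)
    provider = {b: s for s, st in stanzas.items() for b in st["binaries"]}
    out = []
    for item in stanzas[source]["build_deps"]:
        names = dep_names(item)
        if len(names) == 1 and provider.get(names[0]) in affected and names[0] in new_versions:
            out.append("%s (>= %s)" % (names[0], new_versions[names[0]]))
        else:
            out.append(item)
    return ", ".join(out)
```

`upload_order` is the piece both approaches need: it yields the order in which either the sourceful uploads or the binNMU Dep-Waits have to be scheduled, and it refuses to produce an order when the affected set contains a build-dependency cycle, which is exactly the case where hand-ordered binNMU bugs go wrong. `dep_waits` and `versioned_build_depends` then express that same order in the two forms discussed above. Against a real archive the constructed stanzas would be replaced by the output of a Sources index parser, which is the tooling the thread says does not exist yet.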
