Re: Rebasing Ghostscript to 9.25 for stretch-security and add further security patches (running autopkgtests where available?)

To: Paul Gevers <elbrus@debian.org>
Cc: Debian Security Team <team@security.debian.org>, Jonas Smedegaard <dr@jones.dk>, Debian CI team <debian-ci@lists.debian.org>
Subject: Re: Rebasing Ghostscript to 9.25 for stretch-security and add further security patches (running autopkgtests where available?)
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 5 Nov 2018 16:48:44 +0100
Message-id: <[🔎] 20181105154843.wwprszf3e25wmru3@lorien.valinor.li>
Mail-followup-to: Paul Gevers <elbrus@debian.org>, Debian Security Team <team@security.debian.org>, Jonas Smedegaard <dr@jones.dk>, Debian CI team <debian-ci@lists.debian.org>
In-reply-to: <[🔎] 8e4cf434-2f1d-59b2-fb4d-1ae04de66df4@debian.org>
References: <20181102215757.GA23009@eldamar.local> <[🔎] 8e4cf434-2f1d-59b2-fb4d-1ae04de66df4@debian.org>

Hi Paul,

On Sat, Nov 03, 2018 at 04:31:08PM +0100, Paul Gevers wrote:
> Hi Salvatore,
> 
> [Added the CI-team list instead of the private e-mail of Antonio]

Ack!

> On 02-11-18 22:57, Salvatore Bonaccorso wrote:
> > I would be interested to see if we can get help as well (who?) to get
> > all build-rdeps of ghostscripts rechecked, and are possibly as well
> > some autopkgtests possible? Who can be contacted to do those tests?
> > I do not have the infrastructure available to do those tests.
> 
> I assume you mean bandwidth and CPU power as installing debci should be
> enough to "have the infrastructure". Debian does have AWS credits (that
> is what we are using to run ci.d.n) so one could create a instance just
> for testing this.

Yes, badnwith and CPU power but as well "timewise". I explain: I was
hoping you have already something out of the box where you can trow in
a package, and say in which suite it should be tested.

> > I'm Cc'ing Paul and Antonio in the hope they can help doing such a
> > (even if handcrafted) test for the updated ghostscript packages for
> > stretch specifically.
> 
> We can help a bit. I plan to add stretch to the supported suites on
> ci.d.n soon, because I want to test p-u. However, we can (or better, I
> want) only test what's in official Debian archives. If you can think of
> a proper archive where you could upload the package you want to test,
> I'll try to make time to test it on ci.d.n (but I am keeping an eye on
> the perl transition at the moment).

The problem is I do not feel yet confortable to upload it (and once we
do I we plan to do it via security.d.o so the buildd and embargoed
queues will be not accessible by ci.d.n -- I know there is discussion
on actually going a great step forward and have ci tests as well for
security). My local tests went fine so far, but it is after all a new
upstream import to stable from 9.20~dfsg-3.2+deb9u5 to 9.25 based so
there is some risk potential.

Once I get some more internal testing I will ask users as well via
debian-security list to test and report feedback.

Regards,
Salvatore

Reply to:

References:
- Re: Rebasing Ghostscript to 9.25 for stretch-security and add further security patches (running autopkgtests where available?)
  - From: Paul Gevers <elbrus@debian.org>

Prev by Date: Bug#912914: gap breaks multiple autopkgtests
Next by Date: Bug#913044: hy fails its tests with Python3.7
Previous by thread: Re: Rebasing Ghostscript to 9.25 for stretch-security and add further security patches (running autopkgtests where available?)
Next by thread: Bug#912775: rabbitmq-server 3.7.8-4 fails to start when installed in testing; missing versioned dependency?
Index(es):
- Date
- Thread