Hi all, I was looking at the TODO item about maintainer built binaries. The simplest way to discard maintainer built binaries appears to be that any sourceful uploads should get any associated binaries ignored. This should make NEW work the same as it does now, make almost all binary uploads come from buildds but not block maintainers from doing binary-only uploads where maintainer-built binaries are needed, such as for language bootstrap after NEW processing or later where needed. I think the right way to implement that is that the ArchiveUpload _install_to_suite function that installs an upload to a suite should ignore such binaries when the discard binaries option is on. Do we want to keep the maintainer-built binaries somewhere for future audit purposes such as to enforce reproducible builds? Do we want to flag the maintainer-built binary-only uploads for future audit purposes such as to ensure they are only used for bootstrap? Do we want to disallow maintainer-built binary-only uploads by DMs? My initial WIP patch is here, am I on the right track with this? https://salsa.debian.org/pabs/dak/commits/discard-binaries -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part