
Discarding uploaded binary packages



I know this subject has been discussed on and off in the past, but
there's new evidence that it's simply the right thing to do.

Due to changes in upstream's build system, isc-dhcp recently started
including build system paths in dhclient's search path.  This got a
security identifier, and we've fixed it, but really the only
architecture affected was the one I built and uploaded.  All of the
packages built on the buildds were not, since the PATH was something in
/build vs. a home dir.  Also, Ubuntu was not affected since all of
their packages go through their buildds.  Details in:
http://bugs.debian.org/690532

Anyway, all of these build system path sanitization issues can be
eliminated by using the buildds for all architectures, since paths
will start with at least /build, which requires root-level action to
exist on users' systems.

So, are we ready to do this?

Best wishes,
Mike
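
A check for the kind of leak described in the message above, as an added example that is not part of the original post or of any Debian tooling: it scans a built binary's printable strings for colon-separated search paths and reports components outside the system directories. The allowlist, the function names and the sample byte strings (including the `/home/builder` directory) are constructed for illustration.

```python
import re

# Assumed allowlist of roots a packaged binary may legitimately search.
SYSTEM_ROOTS = ("/usr", "/bin", "/sbin", "/lib", "/etc", "/opt")
# Printable ASCII runs of 6+ bytes, similar to what `strings` reports.
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")
# A colon-separated list of two or more absolute paths.
ONE_PATH = r"/[\w.+~-]+(?:/[\w.+~-]+)*/?"
SEARCH_PATH = re.compile(ONE_PATH + r"(?::" + ONE_PATH + r")+")


def under(path, root):
    """True if path is root itself or lies below it."""
    return path == root or path.startswith(root + "/")


def classify(component):
    """Label one search-path component as system, buildd or foreign."""
    component = component.rstrip("/") or "/"
    if under(component, "/build"):
        return "buildd"      # buildd-style path: needs root to create on a target
    if any(under(component, root) for root in SYSTEM_ROOTS):
        return "system"
    return "foreign"         # e.g. an uploader's home directory


def leaked_components(blob):
    """Return (kind, component) for every non-system search-path component."""
    findings = []
    for run in PRINTABLE.finditer(blob):
        text = run.group().decode("ascii")
        for match in SEARCH_PATH.finditer(text):
            for component in match.group().split(":"):
                kind = classify(component)
                if kind != "system":
                    findings.append((kind, component))
    return findings


# Constructed sample inputs standing in for the contents of built binaries.
CLEAN = b"\x7fELF\x00\x01PATH=/usr/sbin:/usr/bin:/sbin:/bin\x00script\x00"
HOME_BUILT = b"\x7fELF\x00\x01PATH=/home/builder/bin:/usr/sbin:/sbin:/bin\x00"
BUILDD_BUILT = b"\x7fELF\x00\x01PATH=/build/pkg-1.0/bin:/usr/sbin:/sbin\x00"

if __name__ == "__main__":
    for name in ("CLEAN", "HOME_BUILT", "BUILDD_BUILT"):
        print(name, leaked_components(globals()[name]))
```

A "foreign" finding is the case the message is concerned with; a "buildd" finding is still a leaked build path, but one under /build.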

