How to handle back-to-back firefox-esr uploads

Yesterday, 7th June, I uploaded firefox-esr_68.9.0esr-1~deb8u1 to
jessie-security. The binary package I built and uploaded was for amd64.
It is known that the armhf/armel build has been broken (I think because
of a problem with the supporting toolchain), but the i386 build has been
OK. However, my upload yesterday failed on i386. It had to do with how
the system was detected for rust*.

After fixing the i386 build, which required a source change, I now have
a new revision to upload: firefox-esr_68.9.0esr-1~deb8u2. However, I
have not published a DLA for the first upload. This seems like it might
fall into a grey area since the first upload is technically a regression
of sorts, but without a published first advisory, it doesn't seem to
make sense to publish a typical regression advisory.

My intent is to upload firefox-esr_68.9.0esr-1~deb8u2 once the build is
complete and then go through the normal DLA reservation/publication
process with a version number of 68.9.0esr-1~deb8u2 (once the amd64
buildd completes its job successfully). I will use the advisory text
from DSA 4695-1 (the corresponding DSA for firefox-esr in stable and
oldstable) and add a note that 68.9.0esr-1~deb8u1 was the first version
to actually contain the referenced fixes. Should I include in the note
anything about the reason for the ~deb8u2 revision relating to the
build? Any other suggestions on what I should include/not include?

* Details: Between FF 68.8.0 and 68.9.0, the generation/detection of the
system triplet for the rust part of the build was "improved". The
result was that for builds up to 68.8.0 the system was detected as
i686-unknown-linux-gnu and after the change the system was detected as
i586-unknown-linux-gnu. This caused the build to fail. A quick
search confirmed that rust does not officially support i586-* targets
and this was consistent with the error output of the build. According
to debian/changelog, it was necessary to force the target of the rust
build to i686-* as far back as when FF 51 was packaged for Debian.
The mechanics are somewhat different, but I was able to figure out a
straightforward way of transforming i586-* to i686-*. The i386 build
is in progress on my development machine as I write this, but seems
well on the way to completing successfully.

Roberto C. Sánchez