Bugs introduced by source uploads

To: Debian LTS <debian-lts@lists.debian.org>
Subject: Bugs introduced by source uploads
From: Sylvain Beucler <beuc@beuc.net>
Date: Fri, 9 Oct 2020 09:37:03 +0200
Message-id: <[🔎] e44e974f-464f-f2c4-90c7-397fe64cf0e7@beuc.net>

Hi,

DLA 2332-2 (sane-backends) [1] is a regression that happened due to
changing the upload process between the last archive upload and our
first security upload, from a developer arch+indep build followed by
buildd arch builds, to a buildd-only separate arch and indep builds [2].

[1] https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html
[2]
https://buildd.debian.org/status/package.php?p=sane-backends&suite=stretch-security

It is particularly difficult to catch, because it can only be detected
after the security upload, while our testing (obviously) happens before.

To help detect this ahead of time, I modified and tested the recommended
build procedures at:
https://wiki.debian.org/LTS/Development#Build_the_update
to perform split arch and indep builds.

Cheers!
Sylvain

Reply to:

Follow-Ups:
- Re: Bugs introduced by source uploads
  - From: Holger Levsen <holger@layer-acht.org>

Prev by Date: Re: golang-go.crypto / CVE-2019-11841
Next by Date: Re: golang-go.crypto / CVE-2019-11841
Previous by thread: Re: [security tracker role] Processing a16b55300564d69f4c3d37a0c84cc41bf9b5638b failed
Next by thread: Re: Bugs introduced by source uploads
Index(es):
- Date
- Thread