Re: New buster-lts upload of shim
Utkarsh,
On Tue, Jan 31, 2023 at 08:00:30PM +0000, Steve McIntyre wrote:
> On Wed, Feb 01, 2023 at 01:18:46AM +0530, Utkarsh Gupta wrote:
> >Hi Steve,
> >
> >On Tue, Jan 31, 2023 at 11:43 PM Salvatore Bonaccorso <carnil@debian.org> wrote:
> >> > I've just uploaded a new shim update for buster, based on the latest
> >> > update in unstable today. Please accept it quickly so we can get the
> >> > binaries out and signed ASAP?
> >>
> >> The upload is already accepted, but I'm including as well the LTS list
> >> for information (as the update should be accompanied with a DLA
> >> describing the update).
> >
> >Thank you for the upload. I can prepare the paperwork but can you
> >point out what bugs we're fixing in this update? I need to write
> >something in the advisory. :)
>
> It will eventually (once we get the signed version through) fix a few
> bugs, such as (skimming the BTS):
>
> * #995940
> * #995155
>
> and maybe others. More importantly, it's needed to keep us updated
> with recent shim requirements so Secure Boot will continue to
> work. Our older shim binaries are at risk of being blocked soon-ish.
>
> I'd be tempted to hold back on the DLA and write a single one for shim
> and shim-signed when that turns up.
Some helpful context might be here: https://lists.debian.org/debian-boot/2023/01/msg00221.html
For the DLA, I think the situation is very similar to grub or linux,
only for the main source package the advisory is actually issued, but
not for the signed packages (but I might have missunderstood what you
wanted to propose).
Regards,
Salvatore
Reply to: