Make stable-security build logs public after embargo
Hello Wanna-build team,
I'm part of the Debian LTS Team, and along with the Security Team, we're
looking into making embargo'd build logs eventually public.
See https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/51
Typical use case: when the LTS Team is working on the first LTS security
upload for buster-security, the previous build logs are not available,
while they are critical to interpret any new build failure.
This also improves the overall transparency of the Debian project.
So we'd like to make the stable-security build logs eventually public,
preferably early. One approach is to make the build logs available
through https://buildd.debian.org/status/package.php on package release
(when the embargoes for the package and possibly its dependencies are
lifted, and the new packages are publicly distributed by Debian).
Another more straightforward approach, but way more delayed, is to make
these build logs available in batch, when handing over oldstable to the
LTS team.
Note: the new lts (buster-security) build logs are already made public,
here we're targeting future-lts (bullseye-security) build logs.
Currently we're not entirely sure on how build logs are injected to the
buildd.debian.org/status/package.php service, so we're contacting you to
determine how feasible this is. Typically:
- Locate and identify publishable logs (in e-mail archives on master?)
- Trigger the publication at the right time (dak hook?)
I also volunteer to spend some time on the implementation, as part of my
work on LTS.
Do you think this can be achieved, and how?
Cheers!
Sylvain Beucler
Debian LTS Team
Reply to: