Policy queue in buster-security

To: Debian LTS <debian-lts@lists.debian.org>
Subject: Policy queue in buster-security
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Tue, 28 Nov 2023 09:57:19 +0000
Message-id: <[🔎] a2207c32-4710-4dea-9eff-2796452f22f0@debian.org>

Hi,

We're in the process of setting up a policy queue for buster-security. Thatmeans that uploads to buster-security will end up in the policy queue, and getbuilt there. Once things are ready (builds have happened, tests have been done,etc) the update can be released to buster-security and the DLA can be sent out.

The benefits of doing this are that builds will happen before the actualsecurity update is out, which will help in case a build failure is encountered.autopkgtests on rdeps will also be run (this still needs to be set up after thequeue is enabled), so that if you are uploading a library, you can see if theautopkgtests for rdeps still pass before the security update is actually out.

In order to release (or reject) an update from the policy queue, a GPG-signedcommand needs to be sent to security-master. However to simplify that, Helmuthas written a dcut plugin for dput-ng. I'll let him post that. Once that pluginis fully stable, the plan is to get it into dput-ng and then backport it as needed.

I'll send more updates as the queue is set up, which may take some time as itneeds coordination from various teams.


Cheers,
Emilio

Reply to:

Follow-Ups:
- Re: Policy queue in buster-security
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: Fixing CVEs fixed in ELA-909-1/DLA-3513-1 in (old)stable
Next by Date: Re: MediaWiki on buster
Previous by thread: Re: Fixing CVEs fixed in ELA-909-1/DLA-3513-1 in (old)stable
Next by thread: Re: Policy queue in buster-security
Index(es):
- Date
- Thread