Re: Security releases for ecosystems that use static linking

To: Santiago Ruano Rincón <santiago@freexian.com>
Cc: team@security.debian.org, debian-release@lists.debian.org, debian-wb-team@lists.debian.org, debian-lts@lists.debian.org
Subject: Re: Security releases for ecosystems that use static linking
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 22 Dec 2023 09:54:45 +0100
Message-id: <[🔎] 20231222085445.GA15864@inutil.org>
In-reply-to: <[🔎] ZYS8m6r1SSi4ycIU@novelo>
References: <[🔎] ZYS8m6r1SSi4ycIU@novelo>

On Thu, Dec 21, 2023 at 07:30:51PM -0300, Santiago Ruano Rincón wrote:
> So let me ask you: are you interested in addressing the infrastructure
> limitations to handle those kind of packages? and having some help for
> that?

Foremost this is an infrastructure limitation that needs to be resolved:
security-master and ftp-master use separate dak installations, which makes
binNMUs in the current form untenable since every package would need a
source-fule upload first (the same reason why currently the first upload
of a package to foo-security needs a sourceful upload).

One solution which has been discussed in the past is to import a full copy
of stable towards stable-security at the beginning of each release cycle,
but that is currently not possible since security-master is a Ganeti VM
and the disk requirements for a full archive copy would rather require
a baremetal host.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Security releases for ecosystems that use static linking
  - From: Santiago Ruano Rincón <santiago@freexian.com>

References:
- Security releases for ecosystems that use static linking
  - From: Santiago Ruano Rincón <santiago@freexian.com>

Prev by Date: Security releases for ecosystems that use static linking
Next by Date: Re: Security releases for ecosystems that use static linking
Previous by thread: Security releases for ecosystems that use static linking
Next by thread: Re: Security releases for ecosystems that use static linking
Index(es):
- Date
- Thread