When implementing signed kernel packages, I wanted to make the signed image packages (built from linux-signed) take un-suffixed names so that existing procedures to install specific kernel versions would pick the signed packages, and users would be discouraged from installing unsigned packages.

This has interacted poorly with dak's handling of 'auto-built' debug symbol packages, as those are built by src:linux but don't include the '-unsigned' suffix in their names. The debug symbol packages are added to the overrides file but are later automatically pruned, so that uploads that don't add new binary packages may still require NEW processing.

I think this has to be solved before the stable release. Therefore I intend to rename the binary packages as follows with the next uploads to unstable:

- src:linux builds linux-image packages without a name suffix
- src:linux-signed builds linux-image packages with a '-signed' suffix
- src:linux-latest builds linux-image meta-packages that depend on the '-signed' package where available

One alternative could be to build duplicate debug symbol packages in src:linux and src:linux-signed, but that's a big waste of archive space and requires a maintainer to upload the debug symbol packages for one architecture (over 500 MiB per flavour) whenever there's an ABI bump.

Please let me know if you have a preference or an alternate solution.

(Also, if dak will not be signing packages in time for stretch, src:linux-signed must be removed from testing and the other packages changed accordingly. I *will* *not* personally sign kernels for a stable release.)

Ben.

--
Ben Hutchings
Never attribute to conspiracy what can adequately be explained by stupidity.