Bug#901814: stretch-pu: package monkeysign/2.2.3

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 901814@bugs.debian.org
Cc: Julien Cristau <jcristau@debian.org>
Subject: Bug#901814: stretch-pu: package monkeysign/2.2.3
From: Antoine Beaupré <anarcat@debian.org>
Date: Mon, 03 Dec 2018 09:51:05 -0500
Message-id: <[🔎] 87efaywtnq.fsf@curie.anarc.at>
Reply-to: Antoine Beaupré <anarcat@debian.org>, 901814@bugs.debian.org
In-reply-to: <[🔎] db74db67558463e2f204c086a92fb4fe@mail.adam-barratt.org.uk>
References: <152934457146.16961.13965414778120428445.reportbug@curie.anarc.at> <[🔎] 20181203071647.GP28494@tomate.cristau.org> <152934457146.16961.13965414778120428445.reportbug@curie.anarc.at> <[🔎] 87k1kqwuyc.fsf@curie.anarc.at> <[🔎] db74db67558463e2f204c086a92fb4fe@mail.adam-barratt.org.uk> <152934457146.16961.13965414778120428445.reportbug@curie.anarc.at>

On 2018-12-03 14:37:03, Adam D. Barratt wrote:
> On 2018-12-03 14:23, Antoine Beaupré wrote:
>> On 2018-12-03 08:16:47, Julien Cristau wrote:
>>> Control: tag -1 confirmed
>>> 
>>> On Mon, Jun 18, 2018 at 01:56:11PM -0400, Antoine Beaupre wrote:
>>>> diff -Nru monkeysign-2.2.3/debian/changelog 
>>>> monkeysign-2.2.4/debian/changelog
>>>> --- monkeysign-2.2.3/debian/changelog	2017-01-24 15:40:35.000000000 
>>>> -0500
>>>> +++ monkeysign-2.2.4/debian/changelog	2018-06-18 12:18:46.000000000 
>>>> -0400
>>>> @@ -1,3 +1,14 @@
>>>> +monkeysign (2.2.4) unstable; urgency=medium
>>>> +
>>>> +  [ Tobias Rueetschi ]
>>>> +  * false isn't defined, that must be False
>>>> +
>>>> +  [ Antoine Beaupré ]
>>>> +  * actually send multiple emails instead of a single one
>>>> +  * CVE-2018-12020: add no verbose to avoid fake signatures
>>>> +
>>>> + -- Antoine Beaupré <anarcat@debian.org>  Mon, 18 Jun 2018 12:18:46 
>>>> -0400
>>>> +
>>>>  monkeysign (2.2.3) unstable; urgency=medium
>>>> 
>>>>    [ Simon Fondrie-Teitler ]
>>> 
>>> This would need to be versioned as 2.2.3+deb9u1.
>> 
>> But it's exactly the 2.2.4 release published to unstable - why the
>> different version number?
>
> Because, as you say, a package with the version "2.2.4" has already been 
> uploaded to Debian. One can't have a different package in stable and 
> unstable with the same version number.

Sure you can. If a package is not updated between the time the unstable
package trickles down into testing and then becomes table, it will have
the exact same version number and binary builds.

> (It's not "exactly the same" - the stretch upload will be built in a 
> stretch chroot, so may well end up with different dependencies. At the 
> very least, it needs a d/changelog entry detailing that it was uploaded 
> to stable, which makes it different from the unstable upload.)

It seems quite strange to me to have to rebuild a package with a
different version number in this very specific case. Monkeysign is in
maintenance mode now and the only reason I did this release with that
specific numbering scheme is specifically targeting Debian stable.

First I was told to upload it to unstable before uploading it to stable,
and now I am told the 2.2.4 release cannot be uploaded to stable. I hope
you understand I might find the process a tad confusing. :)

A.

Reply to:

Follow-Ups:
- Bug#901814: stretch-pu: package monkeysign/2.2.3
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#901814: stretch-pu: package monkeysign/2.2.3
  - From: Julien Cristau <jcristau@debian.org>
- Bug#901814: stretch-pu: package monkeysign/2.2.3
  - From: Antoine Beaupré <anarcat@debian.org>
- Bug#901814: stretch-pu: package monkeysign/2.2.3
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#901814: stretch-pu: package monkeysign/2.2.3
Next by Date: Bug#901814: stretch-pu: package monkeysign/2.2.3
Previous by thread: Bug#901814: stretch-pu: package monkeysign/2.2.3
Next by thread: Bug#901814: stretch-pu: package monkeysign/2.2.3
Index(es):
- Date
- Thread