Hi Ansgar, On 20-05-2019 09:06, Ansgar wrote: > I though about importing the full source to security-master already for > a different reason: `Built-Using` leads to a similar problem as binNMUs > in that uploads require source that is not already present in the > archive. > > It is not necessary to push all sources to the public mirrors. Does this mean you think it is feasible to do/fix this in the near future? >> Another solution already raised by Shengjing is to merge the archives. I >> *guess* that is undesirable due to the fact that the security archive >> often has embargoed sources and binaries. Am I right there? > > That doesn't work as dak doesn't try to keep secrets. There are various > ways information would be leaked about embargoed issues (mails, > database, web interface (rmadison), ...). > > I personally also don't find it too bad to have a fallback: if one of > the hosts is broken at the same time we have to release a critical > update, we can still do so by publishing via the "wrong" archive. Regarding my other direction with wanna-build, I learned yesterday via another bug (#894441 binNMUs should be replaced by easy no-change uploads) that wanna-build is not in the place to fix this because uploads need to be signed. Paul
Attachment:
signature.asc
Description: OpenPGP digital signature