Re: Go issues wrt. Debian infrastructure: moving forward
On 26/08/2020 13:22, Reinhard Tartler wrote:
>
>
> On Wed, Aug 26, 2020 at 7:09 AM Bastian Blank <waldi@debian.org
> <mailto:waldi@debian.org>> wrote:
>
> Hi Clement
>
> On Wed, Aug 26, 2020 at 12:39:36PM +0200, Clément Hermann wrote:
> > - a way for dak to get the orig tarball from main archive when
> it's not
> > already in the security archive (or at least, as a workaround, a
> way to
> > find and upload all needed source easily)
>
> As soon as you stop emitting Built-Using, this problem is gone. Except
> of course for the cases that actually needs them, which is mainly GPL
> and Apache licensed software.
>
> That's surprising, it seems I must be missing some specifics about how
> dak handles Built-Using specifically. I skimmed through the dak source
> code, but nothing strikes out to me specifically about this particular
> point.
>
> can you please help me fill in the gaps here?
I have to admit I don't really get it either. We will migrate away from
Built-Using, probably using something like rust is using
(X-Go-Built-Using). However, packages are still built statically, and
still need to be binNMUed when a build-depends has a security update.
Did I misunderstand the issue with dak and orig tarballs not in security
archive yet?
(note: adding back the CC-ed list, sorry for cross posting but this
still belong at least in debian-release IMO)
--
nodens
Reply to: