On Wed, Mar 03, 2021 at 10:52:39AM +0100, Ansgar wrote:
Source: grub2
Version: 2.04-16
Severity: normal
X-Debbugs-Cc: ftpmaster@debian.org, debian-release@lists.debian.org
grub2 currently uses grub-efi-signed-* as source package names for the
Secure Boot signed packages. While releasing the last security update
we found a small issue with these names:
dak processes source packages in lexiographic order, so it would
process grub-efi-signed-* before grub2 when accepting all packages at
once from the "embargoed" policy queue. But the grub-efi-signed-*
binary packages have Built-Using: grub2; as grub2 is not accepted from
embargoed at this point in time, the /binary/ uploads will be rejected
in this case. (This problem exists in principle with all Built-Using
relations.)