
Re: testing security uploads to bookworm-security



On Mon, Mar 06, 2023 at 10:17:04PM +0100, Paul Gevers wrote:
> Dear security team,
> 
> It's the time of the season to ask you to consider testing that the next
> security suite is working as intended. In our checklist [1] it's mentioned
> to coordinate with you an upload to bookworm-security to confirm the build
> happens as expected. The checklist goes on to suggest a check that also a
> package needing signing works.
> 
> I recall Ivo and Salvatore coordinated that on IRC for bullseye although I
> can't find it in the logs. Can I be of any assistance?

For bookworm-security I could prepare an update for CVE-2021-26825/CVE-2021-26826,
it's fixed in sid, but the current version is blocked by FTBFS errors (#1031132).
The security fixes don't matter that much, but it would be a fine test.

For the signed infra, not sure what we used for bullseye, we could do a linux
upload maybe, have it built and get signed in the private queue and then reject it?

That would test the whole signing workflow, and the release part after that is the
same as for a non-signed update. Salvatore, thoughts?

Cheers,
        Moritz

