Hi Holger, > official builds are never build with DEB_BUILD_OPTIONS=nocheck thus we > need to disable the tests in d/rules with an > > override_dh_auto_test: > : > > block. Thanks for the heads-up. Just applied and pushed your patch [1], re-built successfully, and re-uploaded to mentors [2]. > Do you think it makes sense to upload 0.11.3-2 as that or should we wait > for 0.11.4-1 with the tests?If possible, I'd prefer to upload 0.11.3-1 w/o the tests. The next securesystemslib release that adds the tests also makes some minor but backwards incompatible API changes, so we'd also have to first make a new in-toto release, before we upload in-toto (it doesn't pin its securesystemslib dependency). And since we are making good progress on the rebuilder setup [2], it would be very nice to test it with the real in-toto/securesystemslib debian packages soon. Also, it feels like bumping the downstream release as soon as there is a new upstream release should be quite easy. Especially if the new releases add comprehensive testing. What do you think? Cheers, Lukas [1] https://github.com/secure-systems-lab/securesystemslib/commit/0bd1dbac88fb4c4c7cd30845cb777fa6002ae699 [2] https://mentors.debian.net/package/python-securesystemslib [3] https://salsa.debian.org/reproducible-builds/debian-rebuilder-setup > > ------------------------------------------------------------------------------- > holger@(debian|reproducible-builds|layer-acht).org > PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C > -- lukas.puehringer@nyu.edu PGP fingerprint: 8BA6 9B87 D43B E294 F23E 8120 89A2 AD3C 07D9 62E8
Attachment:
signature.asc
Description: OpenPGP digital signature