On Thu, Aug 27, 2020 at 11:31:36AM +0200, Clément Hermann wrote:
> >>> On Wed, Aug 26, 2020 at 12:39:36PM +0200, Clément Hermann wrote:
> >>> > - a way for dak to get the orig tarball from main archive when it's not
> >>> > already in the security archive (or at least, as a workaround, a way to
> >>> > find and upload all needed source easily)
> >>>
> >>> As soon as you stop emitting Built-Using, this problem is gone. Except
> >>> of course for the cases that actually need them, which is mainly GPL
> >>> and Apache licensed software.

It is still needed even if you stop using Built-Using. If a Go library is updated (and similar for Rust) reverse dependencies need to be rebuilt and security-master and ftp-master don't share tarballs. The first time a package is built for a suite (e.g. buster-security) it currently needs an upload which includes the orig tarball (i.e. building with -sa). Obviously this doesn't scale at all for binNMUing lots of rdeps.

So we need a fix in dak/security-master so that it fetches the orig source from ftp-master (or a similar solution).

Quoting from the original mail:

> Can we take opportunity of Debconf20 to set up an ad-hoc session and
> talk about the best way forward to fix this ?

I think an IRC session would work best, but not sure what exact input you need? For dak implementation questions this needs some FTP master input.

Cheers,
Moritz