Hi Christoph, On Sat, Oct 29, 2022 at 12:36:01AM +0200, Christoph Anton Mitterer wrote: > Hey Salvatore. > > On Fri, 2022-10-28 at 06:49 +0200, Salvatore Bonaccorso wrote: > > I did decide to still do so, so we can have the CVE fix migrate > > finally to testing (which took some time as well given there was the > > perl transition ongoing). > > Fine for me... I think it would be nice if there was a better mechanism > to have bugs shown in apt-listbugs out of the box, while still not > preventing migration to testing.
There is one, involving the release team that they can force a specific version. In fact I was offlist in contact with Sebastian Ramacher from the release team who could have done so. In the end the src:linux was able to migrate on the next run, so downgrading the bug severity was the quickest action without need to let a release team emmber intervene. In the end, yes, the cleanest solution, assuming kernel-team considered the bug a RC bug, it would have been the right solution to just ask the release team to force the migration despite of the RC bug. > Oh and another off-topic thing: > > Right now the kernel image meta-packages depend on the (secure boot) > signed version of that... and it seems that these take always longer to > be available than the unsigned ones. > > However, if people want the nice service to have linux-image-amd64 > installed and pull in just the current package, they need to wait for > the signed one to become available - even if they don't use secure boot > at all. > > So question is,.. would it make sense to request that linux-image-amd64 > depends on the signed | unsigned version? No unfortunately we cannot do that. The reason is similar to what lead to https://salsa.debian.org/kernel-team/linux/-/commit/248736d493fcfd0e05cd23f97befe40f5c125c71 or caused bugs like #916927. In meanwhile furthermore linux-image-amd64 is anyway not anymore from a separate metapackage but built from linux-signed-amd64. The signed packages need always longer as this needs action of signing them trough a seprate manual process of ftp-masters. > > I did import already 6.0.5 and will upload next so we get the btrfs > > fix. And I have made the bug now as well again back RC severity. > > Thanks as always for your continued efforts. Thank you for those encouraging words! Salvatore
