Utkarsh, On Tue, Jan 31, 2023 at 08:00:30PM +0000, Steve McIntyre wrote: > On Wed, Feb 01, 2023 at 01:18:46AM +0530, Utkarsh Gupta wrote: > >Hi Steve, > > > >On Tue, Jan 31, 2023 at 11:43 PM Salvatore Bonaccorso <car...@debian.org> > >wrote: > >> > I've just uploaded a new shim update for buster, based on the latest > >> > update in unstable today. Please accept it quickly so we can get the > >> > binaries out and signed ASAP? > >> > >> The upload is already accepted, but I'm including as well the LTS list > >> for information (as the update should be accompanied with a DLA > >> describing the update). > > > >Thank you for the upload. I can prepare the paperwork but can you > >point out what bugs we're fixing in this update? I need to write > >something in the advisory. :) > > It will eventually (once we get the signed version through) fix a few > bugs, such as (skimming the BTS): > > * #995940 > * #995155 > > and maybe others. More importantly, it's needed to keep us updated > with recent shim requirements so Secure Boot will continue to > work. Our older shim binaries are at risk of being blocked soon-ish. > > I'd be tempted to hold back on the DLA and write a single one for shim > and shim-signed when that turns up.
Some helpful context might be here: https://lists.debian.org/debian-boot/2023/01/msg00221.html For the DLA, I think the situation is very similar to grub or linux, only for the main source package the advisory is actually issued, but not for the signed packages (but I might have missunderstood what you wanted to propose). Regards, Salvatore
