Hi,
We're in the process of setting up a policy queue for buster-security. That
means that uploads to buster-security will end up in the policy queue, and get
built there. Once things are ready (builds have happened, tests have been done,
etc) the update can be released to buster-security and the DLA can be sent out.
The benefits of doing this are that builds will happen before the actual
security update is out, which will help in case a build failure is encountered.
autopkgtests on rdeps will also be run (this still needs to be set up after the
queue is enabled), so that if you are uploading a library, you can see if the
autopkgtests for rdeps still pass before the security update is actually out.
In order to release (or reject) an update from the policy queue, a GPG-signed
command needs to be sent to security-master. However to simplify that, Helmut
has written a dcut plugin for dput-ng. I'll let him post that. Once that plugin
is fully stable, the plan is to get it into dput-ng and then backport it as needed.
I'll send more updates as the queue is set up, which may take some time as it
needs coordination from various teams.
Cheers,
Emilio
- Policy queue in buster-security Emilio Pozuelo Monfort
-
