This bug was fixed in the package bind-dyndb-ldap -
11.9-5ubuntu0.22.04.3
---------------
bind-dyndb-ldap (11.9-5ubuntu0.22.04.3) jammy-security; urgency=medium
* No-change rebuild for bind9 security update.
-- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 20 Sep 2023
15:58:12 -0400
** Changed in: bind-dyndb-ldap (Ubuntu Jammy)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2032650
Title:
Add DEP8 tests for bind-dyndb-ldap integration
Status in bind-dyndb-ldap package in Ubuntu:
Fix Released
Status in bind9 package in Ubuntu:
Fix Released
Status in bind-dyndb-ldap source package in Jammy:
Fix Released
Status in bind9 source package in Jammy:
In Progress
Status in bind-dyndb-ldap source package in Lunar:
Fix Committed
Status in bind9 source package in Lunar:
In Progress
Status in bind-dyndb-ldap source package in Mantic:
Fix Released
Status in bind9 source package in Mantic:
Fix Released
Bug description:
[ Impact ]
bind-dyndb-ldap breaks very frequently with bind9 updates. Both must
have DEP8 tests so these breakages can be caught before a release.
[ Test Plan ]
For both packages, the test plan consists in having the new dyndb-ldap
DEP8 test run and succeed.
[ Where problems could occur ]
With this new DEP8 change, a bind9 update can be blocked by a bind-dyndb-ldap
failure to build or run with it.
While this is exactly the intent (not leave a broken bind-dyndb-ldap
package in the release), there is a history indicating that bind-
dyndb-ldap can be late in catching up to bind9 changes. We may reach a
situation where an important bind9 security update, for example, will
be blocked by a failing dyndb-ldap test, and it may be difficult to
fix bind-dyndb-ldap in time, specially if the security update is under
embargo and the bind-dyndb-ldap developers do not yet have details of
the changes.
[ Other Info ]
The same test is to be applied to the bind9 package, and is already in
mantic. But SRUs for DEP8 changes only are frowned upon, so the plan is to
upload it to proposed and block it there, but AFTER bind-dyndb-ldap has been
released.
The tight coupling between bind9 and bind-dyndb-ldap is problematic
(see [1], [2] and [3]). The moment a new bind9 hits proposed with this
test, it fill fail until a new bind-dyndb-ldap is rebuilt with that
proposed version.
One option would perhaps to accept a one-time DEP8-only change for
bind9, so that we can upload both packages together, instead of
leaving this in proposed with a blocking tag, to be picked up by the
next bind9 "real" update?
1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014503
2. https://pagure.io/bind-dyndb-ldap/issue/225
3. https://salsa.debian.org/dns-team/bind9/-/merge_requests/21
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2032650/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~freeipa
Post to : freeipa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~freeipa
More help : https://help.launchpad.net/ListHelp
