et a (new) physical host for security-master that
provides this? It should probably be a physical host and not a VM to
allow using a YubiKey (or similar) for the signing key.
- Time. I currently don't have much to spend on Debian.
Are there more issues that ftp-master would have to deal with?
Ansgar
Paul Gevers writes:
> On 20-05-2019 09:06, Ansgar wrote:
>> I though about importing the full source to security-master already for
>> a different reason: `Built-Using` leads to a similar problem as binNMUs
>> in that uploads require source that is not already present in the
s (mails,
database, web interface (rmadison), ...).
I personally also don't find it too bad to have a fallback: if one of
the hosts is broken at the same time we have to release a critical
update, we can still do so by publishing via the "wrong" archive.
Ansgar
