On 03.10.24 22:28, Steve Langasek wrote:
On Thu, Oct 03, 2024 at 09:51:36PM +0800, Shengjing Zhu wrote:
On Wed, Oct 2, 2024 at 6:02 PM Robie Basak <robie.ba...@ubuntu.com> wrote:
If we take a fresh upstream release directly into a stable release
update, then it seems to me that it's important to validate that the
orig tarball matches what upstream released, or is otherwise
reproducible against what upstream released (eg. if it was repacked for
the usual reasons).
It's not currently a documented hard requirement for SRUs, but I think
that it should be, or at least be our default position.
Why is this only the hard requirement for SRU? IMHO It should be a
hard requirement for all the uploads.
I agree, and it's something that I as an uploader take care of whenever I am
in a situation of packaging a new upstream version. But there's no
enforcement of it at the archive level (this wouldn't even be meaningful),
so in the devel series we rely on individual uploaders to check/enforce this
(just as we do in Debian).
The SRU process however has an additional review step with the SRU team, so
it is possible to impose such a check at that point.
I don't think this is necessary when the .orig tarball already is in the
archive for a newer release. Which extra checks do you want to perform?
Are there really cases, where you don't want the new upstream release
first in the development release?
Matthias
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
