severity 1108992 grave thanks Bumping severity again since golang-github-containers-ocicrypt is now in testing, so removing opendnssec from testing should be possible. I realized the summer heat caused me to confuse the autoremoval date of 2025-08-22 with 2025-07-22 so there were no real urgency here...
/Simon Simon Josefsson <[email protected]> writes: > severity 1108992 normal > thanks > > Bastian Germann <[email protected]> writes: > >> I have already filed bug#1109540 (unblock: >> golang-github-containers-ocicrypt/1.1.10-3) > > It seems the autoremoval is more aggresive than the override permission, > with autoremoval removing a lot of packages tomorrow that (indirectly) > depends on opendnssec, but the release team override will come into > effect ~2 days later and only allow golang-github-containers-ocicrypt > into testing until after the autoremoval has removed a bunch of > packages. > > I'm lowering the severity of this bug, to give > golang-github-containers-ocicrypt some time to enter testing first, so > that we can raise the severity of this bug again to trigger autoremoval > of the opendnssec package. > > Is there a better way to handle this? I hope this is okay. I think the > original report is about removing opendnssec from trixie, not about > removing everything that depends on opendnssec by mistake, i.e., > everything behind golang-github-containers-ocicrypt, which involves a > lot of packages: > > podman > buildah > cosign > gitsign > gittuf > sigstore-go > ... > > I guess another way is to turn this bug into a release team request to > drop opendnssec from trixie? And not use the autoremoval mechanism to > achieve this. Then the release team can wait for > golang-github-containers-ocicrypt to enter testing, and then remove > opendnssec from testing. > > /Simon >
signature.asc
Description: PGP signature
