Hi, On Fri, May 10, 2019 at 10:44:13AM +0800, Shengjing Zhu wrote: > Hi the security team, > > On Thu, May 9, 2019 at 1:53 AM Moritz Muehlenhoff <[email protected]> wrote: > [...] > > > > There's the additional issue that ftp-master and security-master don't > > share tarballs; binNMUs are only possible for packages which are on > > security-master, so we'd need to do manual source uploads for every > > affected go package. > > > > I probably lack of some historical background, have you ever think of > merging ftp-master and security-master?
The security team does not manage dak on security-master, this is actually ftp-masters domain. The separation has as disadantages and advantages, one which comes to my mind idepenently on the aspect of the one beeing security-master is to have a fallback updateing channel in case one or the other cannot be used. But okay that's not the point. There is #823820 for one Built-Using aspect, but the idea might be possible to generalize to have on every time orig tarballs from main archive available on security-master as well. Regards, Salvatore
