Source: grub2 Version: 2.04-16 Severity: normal X-Debbugs-Cc: [email protected], [email protected]
grub2 currently uses grub-efi-signed-* as source package names for the Secure Boot signed packages. While releasing the last security update we found a small issue with these names: dak processes source packages in lexiographic order, so it would process grub-efi-signed-* before grub2 when accepting all packages at once from the "embargoed" policy queue. But the grub-efi-signed-* binary packages have Built-Using: grub2; as grub2 is not accepted from embargoed at this point in time, the /binary/ uploads will be rejected in this case. (This problem exists in principle with all Built-Using relations.) We could avoid this particular problem if the source package names of the signed packages sort after grub2, i.e., if they were named grub2-signed-* or grub2-efi-signed-*. With linux this is already the case (src:linux and src:linux-signed-*). (As a minor thing, I think the changelog entry in the signed packages should also use the grub maintainer's name, not ftpmaster@ similar to what src:linux-signed-* has, but that is just cosmetics.) I've Cc'ed debian-release@ as it is already past soft freeze, but I think just renaming the source packages would be unlikely to break anything. Ansgar
