Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04
On Fri, 2023-05-19 at 13:57 +, Holger Levsen wrote: > On Thu, May 18, 2023 at 02:44:01PM +0100, Adam D. Barratt wrote: > > > ic. so I should have uploaded to bullseye-proposed-updates > > > instead? > > Any upload goes to p-u first, yeah. So the target should always be > > simply "bullseye", by preference. dak will accept a bunch of other > > things, including "stable", "bullseye-proposed-updates", "proposed- > > updates" and, as you've demonstrated, "bullseye-updates" and DTRT, > > but > > it's cleaner and less potentially confusing if everything uses the > > same. > > ok, thanks. that does make sense. > > > The relevant section of dev-ref implies this, fwiw. I think some > > combination of you and I wrote it. :-) > > oh dear. however upon re-reading 5.5.1 and 5.5.2 I've noticed that > 5.5.2 > says nothing about the suite in d/changelog and I think I'm going to > fix > that now :) fwiw that's semi-intentional, because the point is that there is no difference from an uploader's perspective. "Uploads to stable-updates" don't exist as a thing; rather, some uploads to p-u are cherrypicked by SRM and copied to -updates. So uploaders shouldn't be trying to do anything different from a technical perspective, just remembering to request the -updates copy while discussing the request via the BTS. Regards, Adam
Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04
On Thu, May 18, 2023 at 02:44:01PM +0100, Adam D. Barratt wrote: > The relevant section of dev-ref implies this, fwiw. I think some > combination of you and I wrote it. :-) https://www.debian.org/doc/manuals/developers-reference/developers-reference.en.html#special-case-the-stable-updates-suite just got this change: Author: Holger Levsen Date: Fri May 19 16:04:35 2023 +0200 pkgs: explicitly state that $suite should be used in d/changelog for uploads to stable-updates. Signed-off-by: Holger Levsen diff --git a/source/pkgs.rst b/source/pkgs.rst +- Uploads to ``stable-updates`` should target their suite name in + the changelog as usual, e.g. ``bullseye``. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ In a world where you can be anything, be kind. signature.asc Description: PGP signature
Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04
On Thu, May 18, 2023 at 02:44:01PM +0100, Adam D. Barratt wrote: > > ic. so I should have uploaded to bullseye-proposed-updates instead? > Any upload goes to p-u first, yeah. So the target should always be > simply "bullseye", by preference. dak will accept a bunch of other > things, including "stable", "bullseye-proposed-updates", "proposed- > updates" and, as you've demonstrated, "bullseye-updates" and DTRT, but > it's cleaner and less potentially confusing if everything uses the > same. ok, thanks. that does make sense. > The relevant section of dev-ref implies this, fwiw. I think some > combination of you and I wrote it. :-) oh dear. however upon re-reading 5.5.1 and 5.5.2 I've noticed that 5.5.2 says nothing about the suite in d/changelog and I think I'm going to fix that now :) https://www.debian.org/doc/manuals/developers-reference/developers-reference.en.html#special-case-the-stable-updates-suite -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ If a monkey hoarded more bananas than it could eat, while most of the other monkeys starved, scientists would study that monkey to figure out what the heck was wrong with it. When humans do it, we put them on the cover of Forbes. signature.asc Description: PGP signature
Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04
On Thu, 2023-05-18 at 09:22 +, Holger Levsen wrote: > On Thu, May 18, 2023 at 06:44:18AM +0100, Adam D. Barratt wrote: > > On Thu, 2023-05-18 at 00:44 +, Holger Levsen wrote: > > > debian-security-support (1:11+2023.05.04) bullseye-updates; > > > urgency=medium > > Hmmm. I didn't expect that would work, although apparently it did, > > at > > least for the package to get as far as stable-new. I'm hoping dak > > also > > dtrt for accepts of such packages, i.e. moves them to p-u as for > > any > > other stable upload. > > > > -updates isn't an upload target; packages enter it by SRM asking > > dak to > > copy them from p-u. > > ic. so I should have uploaded to bullseye-proposed-updates instead? Any upload goes to p-u first, yeah. So the target should always be simply "bullseye", by preference. dak will accept a bunch of other things, including "stable", "bullseye-proposed-updates", "proposed- updates" and, as you've demonstrated, "bullseye-updates" and DTRT, but it's cleaner and less potentially confusing if everything uses the same. The relevant section of dev-ref implies this, fwiw. I think some combination of you and I wrote it. :-) Regards, Adam
Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04
On Thu, May 18, 2023 at 06:44:18AM +0100, Adam D. Barratt wrote: > On Thu, 2023-05-18 at 00:44 +, Holger Levsen wrote: > > debian-security-support (1:11+2023.05.04) bullseye-updates; > > urgency=medium > Hmmm. I didn't expect that would work, although apparently it did, at > least for the package to get as far as stable-new. I'm hoping dak also > dtrt for accepts of such packages, i.e. moves them to p-u as for any > other stable upload. > > -updates isn't an upload target; packages enter it by SRM asking dak to > copy them from p-u. ic. so I should have uploaded to bullseye-proposed-updates instead? -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ People call vaccine mandates "Orwellian" even though Orwell died at 46 of tuberculosis, which is now preventable with a vaccine. signature.asc Description: PGP signature
Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04
On Thu, 2023-05-18 at 00:44 +, Holger Levsen wrote: > debian-security-support (1:11+2023.05.04) bullseye-updates; > urgency=medium > Hmmm. I didn't expect that would work, although apparently it did, at least for the package to get as far as stable-new. I'm hoping dak also dtrt for accepts of such packages, i.e. moves them to p-u as for any other stable upload. -updates isn't an upload target; packages enter it by SRM asking dak to copy them from p-u. Regards, Adam
Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04
On Fri, May 12, 2023 at 08:30:22PM +0100, Adam D. Barratt wrote:
> It's only been a week, and one of the SRMs has been on a publicised
> (fvo publicised being relevant to DDs) week away. It's a little soon to
> be chasing. :-(
(again) I'm sorry if this felt as chasing, this wasn't my intention.
> I'm a bit confused here. Your own text above indicates that you're
> aware that there won't be any more point releases before the release,
> and that therefore the package *cannot* be in bullseye before the
> release. Point releases are the mechanism by which packages get updated
> in stable.
yes, that part I am and was familar with. Less clear was ${distro}-updates,
which thankfully got resolved through this bug. I think. ;)
> In any case, please go ahead.
thanks, done so now with this changelog:
debian-security-support (1:11+2023.05.04) bullseye-updates; urgency=medium
.
[ Holger Levsen ]
* set DEB_NEXT_VER_ID=12 as bookworm is the next release. Closes: #1034077.
Thanks to Stuart Prescott.
.
[ Sylvain Beucler ]
* security-support-limited: add gnupg1, see #982258.
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
"I became an antifascist out of a sense of common decency.” – Marlene Dietrich
signature.asc
Description: PGP signature
Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04
Control: tags -1 + confirmed On Fri, 2023-05-12 at 08:50 +, Holger Levsen wrote: > hi, > > friendly ping on this. > It's only been a week, and one of the SRMs has been on a publicised (fvo publicised being relevant to DDs) week away. It's a little soon to be chasing. :-( > On Thu, May 04, 2023 at 07:50:37PM +0200, Holger Levsen wrote: > > this is a pre-approval request, I have not uploaded this yet > > (except to > > unstable). > > the package has migrated to bookworm now. > > > [ Reason ] > > > > unfortunatly debian-security-support in both bullseye and bookworm > > are affected by - #1034077 > > "debian-security-support: Lots of noise about DEBIAN_VERSION 12 > > being > > invalid when upgrading bullseye→bookworm" > [...] > > > [ Other info ] > > As there will be no more bullseye point releases before the > > bookworm > > release, this probably needs to go in via bullseye-updates. Is > > d/changelog > > correct for this like it is? > > I'm not quoting the full bug report but the above is reason why this > should > go into *bullseye* before the bookworm release... I'm a bit confused here. Your own text above indicates that you're aware that there won't be any more point releases before the release, and that therefore the package *cannot* be in bullseye before the release. Point releases are the mechanism by which packages get updated in stable. In any case, please go ahead. Regards, Adam
Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04
hi, friendly ping on this. On Thu, May 04, 2023 at 07:50:37PM +0200, Holger Levsen wrote: > this is a pre-approval request, I have not uploaded this yet (except to > unstable). the package has migrated to bookworm now. > [ Reason ] > > unfortunatly debian-security-support in both bullseye and bookworm > are affected by - #1034077 > "debian-security-support: Lots of noise about DEBIAN_VERSION 12 being > invalid when upgrading bullseye→bookworm" [...] > [ Other info ] > As there will be no more bullseye point releases before the bookworm > release, this probably needs to go in via bullseye-updates. Is d/changelog > correct for this like it is? I'm not quoting the full bug report but the above is reason why this should go into *bullseye* before the bookworm release... -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ When you’re used to privilege, equality feels like oppression. signature.asc Description: PGP signature
Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04
On Thu, May 04, 2023 at 07:50:37PM +0200, Holger Levsen wrote: > [ Checklist ] > [x] *all* changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [x] attach debdiff against the package in (old)stable > [x] the issue is verified as fixed in unstable I forgot to mention: I also reviewed the (only recently added checklist in README.source about what to do for a new release cycle and confirmed this checklist is correct and complete, so that I'm quite very hopeful we wont have something like #1034077 for forky. (#1034077 is fixed in unstable (thus trixie) and those two bugs in To: are to get the fix into bullseye and bookworm.) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Das Leben ist schön. Von 'einfach' war nie die Rede. (@lernzyklus) signature.asc Description: PGP signature
Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu hi, this is a pre-approval request, I have not uploaded this yet (except to unstable). [ Reason ] unfortunatly debian-security-support in both bullseye and bookworm are affected by - #1034077 "debian-security-support: Lots of noise about DEBIAN_VERSION 12 being invalid when upgrading bullseye→bookworm" though fortunatly the fix is trivial and buster is not affected. (And unfortunatly I forgot to fix this in the last bullseye point release...) [ Impact ] Lots of noise on bullseye to bookworm upgrades with debian-security-support installed (which has a popcon of ~2750) [ Tests ] none, but the diff is really small & straightforward, see attachment. check-support-status.in |2 +- debian/changelog | 11 +++ debian/rules |2 +- security-support-limited |1 + 4 files changed, 14 insertions(+), 2 deletions(-) [ Risks ] more users complaining about noise. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Other info ] As there will be no more bullseye point releases before the bookworm release, this probably needs to go in via bullseye-updates. Is d/changelog correct for this like it is? -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ If we'd ban all cars from cities tomorrow, next week we will wonder why we waited for so long. diff -Nru debian-security-support-11+2022.08.23/check-support-status.in debian-security-support-11+2023.05.04/check-support-status.in --- debian-security-support-11+2022.08.23/check-support-status.in 2022-08-23 18:24:26.0 +0200 +++ debian-security-support-11+2023.05.04/check-support-status.in 2023-05-04 19:24:04.0 +0200 @@ -13,7 +13,7 @@ # Oldest Debian version included in debian-security-support DEB_LOWEST_VER_ID=9 # Version ID for next Debian stable -DEB_NEXT_VER_ID=11 +DEB_NEXT_VER_ID=12 if [ -z "$DEBIAN_VERSION" ] ; then DEBIAN_VERSION="$(cat /etc/debian_version | grep '[0-9.]' | cut -d. -f1)" diff -Nru debian-security-support-11+2022.08.23/debian/changelog debian-security-support-11+2023.05.04/debian/changelog --- debian-security-support-11+2022.08.23/debian/changelog 2022-08-23 18:26:34.0 +0200 +++ debian-security-support-11+2023.05.04/debian/changelog 2023-05-04 19:27:19.0 +0200 @@ -1,3 +1,14 @@ +debian-security-support (1:11+2023.05.04) bullseye; urgency=medium + + [ Holger Levsen ] + * set DEB_NEXT_VER_ID=12 as bookworm is the next release. Closes: #1034077. +Thanks to Stuart Prescott. + + [ Sylvain Beucler ] + * security-support-limited: add gnupg1, see #982258. + + -- Holger Levsen Thu, 04 May 2023 19:27:19 +0200 + debian-security-support (1:11+2022.08.23) bullseye; urgency=medium * Update security-support-limited from 1:12+2022.08.19 from unstable, diff -Nru debian-security-support-11+2022.08.23/debian/rules debian-security-support-11+2023.05.04/debian/rules --- debian-security-support-11+2022.08.23/debian/rules 2022-08-23 18:24:26.0 +0200 +++ debian-security-support-11+2023.05.04/debian/rules 2023-05-04 19:24:04.0 +0200 @@ -1,6 +1,6 @@ #!/usr/bin/make -f -NEXT_VERSION_ID=11 +NEXT_VERSION_ID=12 DEBIAN_VERSION ?= $(shell cat /etc/debian_version | grep '[0-9.]' | cut -d. -f1) ifeq (,$(DEBIAN_VERSION)) diff -Nru debian-security-support-11+2022.08.23/security-support-limited debian-security-support-11+2023.05.04/security-support-limited --- debian-security-support-11+2022.08.23/security-support-limited 2022-08-23 18:24:26.0 +0200 +++ debian-security-support-11+2023.05.04/security-support-limited 2023-05-04 19:24:04.0 +0200 @@ -12,6 +12,7 @@ ganglia See README.Debian.security, only supported behind an authenticated HTTP zone, #702775 ganglia-web See README.Debian.security, only supported behind an authenticated HTTP zone, #702776 golang* See https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#golang-static-linking +gnupg1 See #982258 and https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg kde4libskhtml has no security support upstream, only for use on trusted content khtml khtml has no security support upstream, only for use on trusted content, see #1004293 mozjs68 Not covered by security support, only suitable for trusted content, see #959804 signature.asc Description: PGP signature
