On 2020-06-15 10:38 a.m., flyn...@tutanota.com wrote: > Dear maintainers: > > The changelog of libxmlb1 0.1.8-1~ubuntu18.04.2 came to my attention. It says > > libxmlb (0.1.8-1~ubuntu18.04.2) bionic-security; urgency=medium * No changes > rebuildDate: 2020-06-09 18:12:15.680810+00:00Changed-By: [email address > hidden] (Leonidas S. Barbosa) > > In Debian ( > https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/libxmlb.html > ) this package is regarded as "reproducible", which makes me more confused. > If the package has no changes in the source code, what is the reason for the > rebuild, and why is it published as a security update? > > Best Regards, > Flynn >
In Ubuntu, security updates are only build against the release pocket, and against the -security pocket. This is done so that users can only enable security updates without getting regular updates. libxmlb was only in the -updates pocket, but was required by a fwupd security update. Hence, it needed to be rebuilt without any changes in the -security pocket so that fwupd could be released as a security update. I hope that clears it up, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
