Bug#869184: dpkg: source uploads including _amd64.buildinfo cause problems
Holger Levsen
holger at layer-acht.org
Sat Feb 22 17:14:49 GMT 2020
hi Guillem,
On Fri, Nov 09, 2018 at 11:55:38AM +0100, Guillem Jover wrote:
> Actually, I guess the other option that might be an option for stable is
> to make dpkg-buildpackage generate the buildinfo file itself, and on
> source-only uploads force the name to be _source.buildinfo regardless
> of the options passed down to dpkg-genbuildinfo (even if the contents
> will end up not matching the name).
>
> This would seem rather less intrusive, as that only changes the
> behavior in a "corner-case" (even though documented and recommended
> one), when using «dpkg-buildpackage --changes-option=-S». And while it
> could be considered to produce confusing filenames, it sticks to the
> current pattern. It would also fix the other bug where running
> dpkg-genbuildinfo leaves debian/files around, even on source only
> builds.
>
> So, I might go with that instead.
any update on this?
the security team people still have to workaround this manually regularily, eg
today, and would really like to see this fixed...
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
"... the premise [is] that privacy is about hiding a wrong. It's not.
Privacy is an inherent human right, and a requirement for maintaining
the human condition with dignity and respect." (Bruce Schneier)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20200222/dc23c7d7/attachment.sig>
More information about the Reproducible-builds
mailing list