Web lists-archives.com

Re: Re: usrmerge -- plan B?




On Wed, Nov 28, 2018 at 07:52:08AM +0500, Alexander E. Patrakov wrote:
 As long as there is one Debian Developer (or any other person who has the
> right to upload binary packages) who has a merged /usr on his system used
> for building packages, there is a risk of reintroducing the bug through his
> package. Maybe we should somehow, in the short term, modify dpkg to add
> something like "Tainted-By: usr-merge" control field to all binary packages
> produced, if a package is built on a system with merged /usr (detected via
> /bin being a symlink). 

we have .buildinfo files now which document the packages installed
during build time. If usrmerge is installed it will be there.

> And a corresponding automatic check that would
> auto-reject binary packages with any Tainted-By control field from being
> uploaded to the Debian archive.

we lack that, but thats a simple grep.


-- 
cheers,
	Holger

-------------------------------------------------------------------------------
               holger@(debian|reproducible-builds|layer-acht).org
       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Attachment: signature.asc
Description: PGP signature