[debhelper-devel] Bad interaction between pbuilder/debhelper/dpkg-buildinfo/dpkg-genchanges and dak on security-master
Yves-Alexis Perez
corsac at debian.org
Sun Jul 9 15:16:31 UTC 2017
On Sun, 2017-07-09 at 15:41 +0100, James Clarke wrote:
> You've done the build, so by uploading the _amd64.buildinfo
> you are announcing that you were able to produce those build results in the
> specified environment, and in theory it allows anyone to compare the buildd's
> results to what you claim to have been able to build, without you ever having
> to upload the binaries (yes, throwing away binary uploads would allow you to do
> this, but *you would still want to upload and keep the _amd64.buildinfo
> otherwise you have nothing to compare against and you might as well have just
> done a source-only upload*).
Actually, I've done the build just to be sure what I'm uploading does build.
But I'm doing a source-only upload, I'm uploading only the _sources.changes
that pbuilder requests generating (with SOURCE_ONLY_CHANGES=yes in
.pbuilderrc), but the build does produce and _amd64.changes too (which I don't
touch).
Regards,
--
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/debhelper-devel/attachments/20170709/e20424af/attachment.sig>
More information about the debhelper-devel
mailing list