[Pkg-ia32-libs-maintainers] ia32-lib plans and security support for same

Goswin von Brederlow goswin-v-b at web.de
Tue Apr 29 23:25:46 UTC 2008 

dann frazier <dannf at dannf.org> writes:

> On Tue, Apr 29, 2008 at 11:13:47PM +0200, Florian Weimer wrote:
>> * Goswin von Brederlow:
>> 
>> > Joerg Jaspert <ftpmaster at debian.org> writes:
>> >
>> >> - The included complete copy of the source *and* the existing i386
>> >>   binary is something that is really bad. Yes, we get in trouble if we
>> >>   don't include the source for packages on the archive, but it is still
>> >>   a *very* strong point against this packaging scheme.
>> >>   We (as in ftp-team), but even more the security team are against
>> >>   them.
>> 
>> I think from a security support POV, we can get away with it if the
>> .debs are not actually built from the included source code.
>> 
>> > I hope you feel that this will simplify matters not just for us but
>> > also for you and will allow this package split continue.
>> 
>> I simply lack the necessary network bandwidth to keep the current
>> ia32-libs updated.  But for someone with good connectivity, it should be
>> relatively straightforward to build periodic roll-up packages.  We
>> should figure out why this hasn't happened.  The fundamental problem
>> probably lies somewhere else.
>
> I actually looked into trying to do ia32-libs updates for etch
> recently, but didn't know how to proceed. The source code build failed
> for me with conflicting build-deps. (Bdale gave me some pointers
> but I hadn't gotten around to following them.)

Did you just call "./fetch-and-build"? It defaults to downloading just
source and building the debs. We haven't done this in ages and the
ubuntu and sid versions default to downloading debs.

Here is how we build the package

1) If needed adjust the package list in fetch-and-build. This needs to
   happen on soname changes in the libs.
2) BUILD=0 ./fetch-and-build
3) debuild -aamd64 or debuild -aia64
4) possibly mergechanges

> I have good connectivity and would be willing to help here if shown
> how to do it.

If that gives any problems let us know. If you want us to prepare an
update ourself the same. 

>> (Note that you need to deal with security updates *and*
>> stable-proposed-updates, BTW.)
>
> An update in the next etch point release would be good to see..
>
>> And what about downloader that build .debs locally, from the i386 .debs?
>> Has this approach been considered?  This would sidestep the issue of
>> up-to-dateness.
>> 
>
> -- 
> dann frazier

MfG
        Goswin

More information about the Pkg-ia32-libs-maintainers mailing list