Friday 4 October 2024

Re: SRUs and the importance of validating upstream release tarballs

On 03.10.24 22:28, Steve Langasek wrote:
> On Thu, Oct 03, 2024 at 09:51:36PM +0800, Shengjing Zhu wrote:
>> On Wed, Oct 2, 2024 at 6:02 PM Robie Basak <robie.basak@ubuntu.com> wrote:
>
>>> If we take a fresh upstream release directly into a stable release
>>> update, then it seems to me that it's important to validate that the
>>> orig tarball matches what upstream released, or is otherwise
>>> reproducible against what upstream released (e.g. if it was repacked for
>>> the usual reasons).
>
>>> It's not currently a documented hard requirement for SRUs, but I think
>>> that it should be, or at least be our default position.
>
>> Why is this only the hard requirement for SRU? IMHO it should be a
>> hard requirement for all the uploads.
>
> I agree, and it's something that I as an uploader take care of whenever I am
> in a situation of packaging a new upstream version. But there's no
> enforcement of it at the archive level (this wouldn't even be meaningful),
> so in the devel series we rely on individual uploaders to check/enforce this
> (just as we do in Debian).
>
> The SRU process however has an additional review step with the SRU team, so
> it is possible to impose such a check at that point.

I don't think this is necessary when the .orig tarball is already in the
archive for a newer release. Which extra checks do you want to perform?

Are there really cases where you don't want the new upstream release in
the development release first?

Matthias
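The check Robie describes has two forms: the orig tarball is byte-identical to what upstream published, or it is a repack that differs only by a known set of removed files. The script below is an added example illustrating that comparison; it is not from this thread, from Ubuntu, or from any packaging tool. The tarballs it inspects are constructed in memory rather than fetched, and the exclusion patterns are a hypothetical list in the spirit of a Files-Excluded entry. It does not cover obtaining and verifying upstream's published checksum or signature, which is the other half of establishing what "upstream released" actually is.

```python
"""Compare a .orig tarball against the upstream release tarball.

Two outcomes are accepted:
 1. identical: the sha256 of the two files match;
 2. faithful repack: every file in orig exists in upstream with the same
    content, nothing was added, and every upstream file missing from orig
    matches an exclusion pattern (the list a repack is expected to drop).
Anything else (modified, added, or unexpectedly removed files) is flagged.
"""
import fnmatch
import hashlib
import io
import tarfile


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def content_map(tar_bytes: bytes) -> dict:
    """Map each regular file to the sha256 of its content.

    The top-level directory is stripped so that foo-1.2/ and foo-1.2+ds/
    compare equal; directories, symlinks and devices are not hashed."""
    result = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            parts = member.name.split("/", 1)
            rel = parts[1] if len(parts) == 2 else parts[0]
            result[rel] = sha256_bytes(tf.extractfile(member).read())
    return result


def compare_tarballs(upstream: bytes, orig: bytes, excluded=()) -> dict:
    """Return a report; 'ok' is True only for the two accepted outcomes."""
    if sha256_bytes(upstream) == sha256_bytes(orig):
        return {"ok": True, "identical": True, "modified": [],
                "added": [], "unexpected_removal": []}
    up, og = content_map(upstream), content_map(orig)
    modified = sorted(p for p in og if p in up and up[p] != og[p])
    added = sorted(p for p in og if p not in up)
    removed = [p for p in up if p not in og]
    unexpected = sorted(p for p in removed
                        if not any(fnmatch.fnmatch(p, pat) for pat in excluded))
    return {"ok": not (modified or added or unexpected), "identical": False,
            "modified": modified, "added": added,
            "unexpected_removal": unexpected}


def make_tarball(topdir: str, files: dict) -> bytes:
    """Build a gzip tarball in memory (constructed sample data, not real)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for rel, data in files.items():
            info = tarfile.TarInfo(name=f"{topdir}/{rel}")
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample release: upstream ships a vendored minified file that
# a repack removes (hypothetical exclusion pattern "vendor/*").
UPSTREAM = make_tarball("foo-1.2", {
    "src/main.c": b"int main(void) { return 0; }\n",
    "README": b"foo 1.2\n",
    "vendor/minified.js": b"!function(){}();\n",
})
ORIG_REPACK = make_tarball("foo-1.2+ds", {
    "src/main.c": b"int main(void) { return 0; }\n",
    "README": b"foo 1.2\n",
})
# A tarball that claims to be a repack but also changes a source file
# and smuggles in an extra one: this is the case the check must reject.
ORIG_TAMPERED = make_tarball("foo-1.2+ds", {
    "src/main.c": b"int main(void) { return 1; }\n",
    "README": b"foo 1.2\n",
    "extra.txt": b"not from upstream\n",
})

if __name__ == "__main__":
    for label, orig in [("identical", UPSTREAM), ("repack", ORIG_REPACK),
                        ("tampered", ORIG_TAMPERED)]:
        print(label, compare_tarballs(UPSTREAM, orig, excluded=("vendor/*",)))
```

Without the exclusion list, the repack is reported as an unexpected removal of vendor/minified.js, which is the right default: a reviewer should have to say which files the repack was supposed to drop rather than accept any subset of upstream.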


--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel