• Bug#826193: Please add a check if '-sa' is needed for security uploads

    From Helmut Grohne@21:1/5 to All on Thu Apr 18 13:20:01 2024
    Control: forwarded -1 https://salsa.debian.org/debian/dput-ng/-/merge_requests/35

    Hi Guido,

    On Fri, Jun 03, 2016 at 09:16:13AM +0200, Guido Günther wrote:
    > it would be great if dput-ng would check if a security upload needs the
    > upstream source included when doing a security upload. This is necessary
    > if the upload is the first security upload for an upstream version not
    > yet present on security-master since upstream tarballs are not shared
    > with the regular archive.
    >
    > The check could either be done by looking into the changelog or by
    > looking at https://qa.debian.org/madison.php or similar.

    Or simply by guessing?

    > This would make notifications by the security team about a missing
    > upstream tarball (and a rebuild with -sa) superfluous.

    I've created an MR that implements the basic functionality of checking
    for a possibly missing .orig.tar and some guesswork that hopefully
    matches how security-master works without calling out to madison, but I
    imagine that pointing the include_orig configuration item at a madison
    url would be the next step if the heuristic doesn't work well enough.

    Is this worth including already? If not, you can now install it
    locally into ~/.dput.d/scripts/ and ~/.dput.d/hooks/ and profit.

    Helmut
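
A sketch of the kind of pre-upload check discussed in this thread, added here as an illustration; it is not the code from the merge request or from dput-ng. The `-security` suite pattern, the `known_upstream` parameter and the sample `.changes` text are assumptions.

```python
import re

# Assumption: uploads to suites named "*-security" go to security-master.
SECURITY_SUITE = re.compile(r"-security$")
ORIG_TARBALL = re.compile(r"\.orig(-[A-Za-z0-9-]+)?\.tar\.[a-z0-9]+$")

# Constructed sample (not a real upload): security upload built without -sa.
SAMPLE = """\
Format: 1.8
Source: hello
Version: 1:2.10-3+deb12u1
Distribution: bookworm-security
Files:
 0123 1200 devel optional hello_2.10-3+deb12u1.dsc
 4567 9000 devel optional hello_2.10-3+deb12u1.debian.tar.xz
"""


def parse_changes(text):
    """Parse deb822 fields of a .changes file into {name: [value lines]}."""
    fields, key = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and key:
            fields[key].append(line.strip())  # continuation line
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key] = [value.strip()] if value.strip() else []
    return fields


def upstream_version(version):
    """Strip epoch and Debian revision; None means a native package."""
    version = version.split(":", 1)[-1]
    if "-" not in version:
        return None  # native package: there is no separate orig tarball
    return version.rsplit("-", 1)[0]


def needs_sa(changes_text, known_upstream=()):
    """True if a security upload lacks an orig tarball it probably needs."""
    f = parse_changes(changes_text)
    suites = " ".join(f.get("Distribution", [])).split()
    if not any(SECURITY_SUITE.search(s) for s in suites):
        return False  # not a security upload
    upstream = upstream_version(" ".join(f.get("Version", [])))
    if upstream is None or upstream in known_upstream:
        return False  # native, or tarball assumed present on security-master
    files = [e.split()[-1] for e in f.get("Files", []) if e.split()]
    return not any(ORIG_TARBALL.search(name) for name in files)
```

`known_upstream` stands in for whatever source of truth is available (a madison query result or a local guess); with it left empty the check flags every non-native security upload that has no `.orig.tar` in its `Files` list.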
