libxmlb1 security update: "No changes rebuild"
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jun 15 14:42:48 UTC 2020
On 2020-06-15 10:38 a.m., flynn16 at tutanota.com wrote:
> Dear maintainers:
>
> The changelog of libxmlb1 0.1.8-1~ubuntu18.04.2 came to my attention. It says
>
> libxmlb (0.1.8-1~ubuntu18.04.2) bionic-security; urgency=medium * No changes rebuildDate: 2020-06-09 18:12:15.680810+00:00Changed-By: [email address hidden] (Leonidas S. Barbosa)
>
> In Debian ( https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/libxmlb.html ) this package is regarded as "reproducible", which makes me more confused. If the package has no changes in the source code, what is the reason for the rebuild, and why is it published as a security update?
>
> Best Regards,
> Flynn
>
In Ubuntu, security updates are only build against the release pocket, and
against the -security pocket. This is done so that users can only enable
security updates without getting regular updates.
libxmlb was only in the -updates pocket, but was required by a fwupd security
update. Hence, it needed to be rebuilt without any changes in the -security
pocket so that fwupd could be released as a security update.
I hope that clears it up,
Marc.
--
Marc Deslauriers
Ubuntu Security Engineer | http://www.ubuntu.com/
Canonical Ltd. | http://www.canonical.com/
More information about the Ubuntu-devel-discuss
mailing list