Bug#1022848: linux: 6.0.5 fixes critical btrfs bug
On Sat, 2022-10-29 at 09:23 +0200, Salvatore Bonaccorso wrote:
>
> No unfortunately we cannot do that. The reason is similar to what
> lead
> to
> https://salsa.debian.org/kernel-team/linux/-/commit/248736d493fcfd0e05cd23f97befe40f5c125c71
> or caused bugs like #916927.
Forgive me my ignorance, but from the package's file list I'd assume
that the signatures are included in the kernel image respectively the
module files themselves?
Is that a must, or could they be standalone signatures?
Cause if the latter, wouldn't something like the following be possible:
- have only one package that actually contains the kernel and modules
(and that would be available earlier)
- have that depend on a separate package that ships the standalone
signatures
That would have the benefit that there are no "duplicate" packages, and
people could create a dummy for the signature package with e.g. equivs.
> The signed packages need always longer as this needs action of
> signing
> them trough a seprate manual process of ftp-masters.
Sure, clear.
Best wishes,
Chris.
Reply to: