[continued from previous message] 
  
 > the same version already is or was is either a reject of the upload by 
 > dak, or two packages with the same version and different contents 
 (#1072205). 
 > 
 > The proper solution would be using something like 1.0-1+b0.13.1 in trixie. 
 > 
 > Even that would not be sufficient for preventing stable-pu and security 
 > to binNMU different packages with the same version for different reasons. 
  
 yes, this needs sorting out - Sebastian's proposal sounds good. 
  
 > And a bonus item: 
 > 
 > 6. Non-flaky builds 
 > 
 > When we are talking about 10k binNMUs as part of a DSA, it would be a 
 > real pain if only 99% of all builds are successful since that would be 
 > 100 build failures the security team would have to handle manually. 
  
 and this as part of QA is a good idea anyway, yes! the packages shipping 
 binaries built from/with Rust code are already regularly rebuilt during the 
 pre-release phase in unstable, either by virtue of natural churn, or by 
 scheduled rebuilds because of rustc updates, so the risk here should be 
 smaller 
 than with other ecosystems where the last build might have been years ago. 
  
 please keep in mind that quite a bit of the analysis above only holds if 
 packages correctly emit Built-Using and Static-Built-Using. 
  
 FWIW, my plan is to focus on getting the S-B-U spec finalized and into 
 policy, 
 and fixing the Rust aspect of its usage across the archive, for now. I am 
 happy 
 to help with the rest, where possible. 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2)