Duplicate Debian packages with matching name-version-arch problem

Mon Jan 26 19:54:44 UTC 2026

On Mon, Jan 26, 2026 at 08:50:16AM -0800, Vagrant Cascadian wrote:
> I *think* there is still an additional problem with the security uploads
> getting imported into the SUITE-proposed-updates, which is briefly
> mentioned in the bug report you pointed to
> https://bugs.debian.org/1072205

i see. if you could add concrete examples to that bug report, that might
be helpful.

> But "just" stopping doing Debian's quirky binNMUs seems like the
> simplest approach, and solves numerous other issues for good measure
> (e.g. multi-arch drift, arch:all drift, etc.). We could almost just do
> it, as an organization, by deciding not to use the historic footguns
> anymore, though they are pretty entrenched in some workflows. :|

well, the release team needs them.

> ... though these issues are getting to be very Debian specific. :)

yes. I was a bit surprised about your choice of mailing list, as we have a
Debian specific rb list too :)

-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If you say you love freedom, but want to restrict certain groups, you don't
love freedom, you love privilege. (Tim Waltz)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20260126/eaab1425/attachment.sig>