← Back to team overview

freeipa team mailing list archive

[Bug 2032650] Re: Add DEP8 tests for bind-dyndb-ldap integration

 

This bug was fixed in the package bind-dyndb-ldap -
11.9-5ubuntu0.22.04.3

---------------
bind-dyndb-ldap (11.9-5ubuntu0.22.04.3) jammy-security; urgency=medium

  * No-change rebuild for bind9 security update.

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Wed, 20 Sep 2023
15:58:12 -0400

** Changed in: bind-dyndb-ldap (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2032650

Title:
  Add DEP8 tests for bind-dyndb-ldap integration

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind-dyndb-ldap source package in Jammy:
  Fix Released
Status in bind9 source package in Jammy:
  In Progress
Status in bind-dyndb-ldap source package in Lunar:
  Fix Committed
Status in bind9 source package in Lunar:
  In Progress
Status in bind-dyndb-ldap source package in Mantic:
  Fix Released
Status in bind9 source package in Mantic:
  Fix Released

Bug description:
  [ Impact ]

  bind-dyndb-ldap breaks very frequently with bind9 updates. Both must
  have DEP8 tests so these breakages can be caught before a release.

  [ Test Plan ]

  For both packages, the test plan consists in having the new dyndb-ldap
  DEP8 test run and succeed.

  [ Where problems could occur ]
  With this new DEP8 change, a bind9 update can be blocked by a bind-dyndb-ldap failure to build or run with it.

  While this is exactly the intent (not leave a broken bind-dyndb-ldap
  package in the release), there is a history indicating that bind-
  dyndb-ldap can be late in catching up to bind9 changes. We may reach a
  situation where an important bind9 security update, for example, will
  be blocked by a failing dyndb-ldap test, and it may be difficult to
  fix bind-dyndb-ldap in time, specially if the security update is under
  embargo and the bind-dyndb-ldap developers do not yet have details of
  the changes.

  
  [ Other Info ]
   
  The same test is to be applied to the bind9 package, and is already in mantic. But SRUs for DEP8 changes only are frowned upon, so the plan is to upload it to proposed and block it there, but AFTER bind-dyndb-ldap has been released.

  The tight coupling between bind9 and bind-dyndb-ldap is problematic
  (see [1], [2] and [3]). The moment a new bind9 hits proposed with this
  test, it fill fail until a new bind-dyndb-ldap is rebuilt with that
  proposed version.

  One option would perhaps to accept a one-time DEP8-only change for
  bind9, so that we can upload both packages together, instead of
  leaving this in proposed with a blocking tag, to be picked up by the
  next bind9 "real" update?

  
  1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014503
  2. https://pagure.io/bind-dyndb-ldap/issue/225
  3. https://salsa.debian.org/dns-team/bind9/-/merge_requests/21

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2032650/+subscriptions