launchpad-reviewers team mailing list archive

[Colin Watson <cjwatson@xxxxxxxxxxxxx>]

Colin Watson has proposed merging lp:~cjwatson/launchpad/revert-security-uploadpolicy into lp:launchpad.

Requested reviews:
  William Grant (wgrant): code

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/revert-security-uploadpolicy/+merge/115906

William Grant points out that https://code.launchpad.net/~cjwatson/launchpad/remove-security-uploadpolicy-restriction/+merge/115739 is risky because builds in -security are still forbidden.  Pending a more complete overhaul, revert my previous change and update some comments to try to avoid similar confusion by future developers.
-- 
https://code.launchpad.net/~cjwatson/launchpad/revert-security-uploadpolicy/+merge/115906
Your team Launchpad code reviewers is subscribed to branch lp:launchpad.

=== modified file 'lib/lp/archiveuploader/uploadpolicy.py'
--- lib/lp/archiveuploader/uploadpolicy.py	2012-07-19 13:28:13 +0000
+++ lib/lp/archiveuploader/uploadpolicy.py	2012-07-20 08:34:24 +0000
@@ -245,9 +245,20 @@
             pass
 
     def policySpecificChecks(self, upload):
-        """Check that PPA uploads are within the allowed quota."""
+        """The insecure policy does not allow SECURITY uploads for now.
+
+        If the upload is targeted to any PPA, checks if the upload is within
+        the allowed quota.
+        """
         if upload.is_ppa:
             self.checkArchiveSizeQuota(upload)
+        else:
+            # XXX cjwatson 2012-07-20 bug=1026665: For now, direct uploads
+            # to SECURITY will not be built.  See
+            # BuildPackageJob.postprocessCandidate.
+            if self.pocket == PackagePublishingPocket.SECURITY:
+                upload.reject(
+                    "This upload queue does not permit SECURITY uploads.")
 
     def autoApprove(self, upload):
         """The insecure policy auto-approves RELEASE/PROPOSED pocket stuff.

=== modified file 'lib/lp/soyuz/model/buildpackagejob.py'
--- lib/lp/soyuz/model/buildpackagejob.py	2012-06-13 11:22:35 +0000
+++ lib/lp/soyuz/model/buildpackagejob.py	2012-07-20 08:34:24 +0000
@@ -263,8 +263,10 @@
         # Mark build records targeted to old source versions as SUPERSEDED
         # and build records target to SECURITY pocket as FAILEDTOBUILD.
         # Builds in those situation should not be built because they will
-        # be wasting build-time, the former case already has a newer source
-        # and the latter could not be built in DAK.
+        # be wasting build-time.  In the former case, there is already a
+        # newer source; the latter case needs an overhaul of the way
+        # security builds are handled (by copying from a PPA) to avoid
+        # creating duplicate builds.
         build_set = getUtility(IBinaryPackageBuildSet)
 
         build = build_set.getByQueueEntry(job)