[SRU] etcd FTBFS on Focal

Bug #1959757 reported by Eduardo Barretto
Affects               Status        Importance  Assigned to  Milestone
etcd (Ubuntu)         Fix Released  High        Unassigned
  Focal               Fix Released  High        Unassigned

Bug Description

[Impact]

etcd version 3.2.26+dfsg-5 had its dependency on golang-github-prometheus-client-golang-dev updated to (>= 1.0.0~), but during the Focal development cycle golang-github-prometheus-client-golang-dev >= 1.0.0 never got out of -proposed, staying on version 0.9.2-0ubuntu3. This makes etcd FTBFS.

etcd usually gets CVEs assigned, and even though it is a Universe package, it might receive a critical CVE that the Ubuntu Security Team needs to patch, and currently it is not possible to patch it.

The fix is basically to revert what was done in version 3.2.26+dfsg-5; the attached debdiff shows the needed changes.

Even though this is a fairly simple fix, we are not so sure of its effect, as this could cause regressions. That's why I'm creating this SRU, so we get more people to take a look at it.

[Test Plan]

On Ubuntu 20.04:

$ sudo apt-get build-dep etcd
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 builddeps:etcd : Depends: golang-github-prometheus-client-golang-dev (>= 1.0.0~) but 0.9.2-0ubuntu3 is to be installed
E: Unable to correct problems, you have held broken packages.

We should be able to get the etcd source and build-dep, and then run debuild to build it.

[Where problems could occur]

With the proposed change, the etcd test suite is still passing and we can upgrade or downgrade the package through apt. But by downgrading the build-dependency we could be adding regressions and ABI incompatibility.

[Other Info]

This only affects Focal.

Tags: ftbfs patch
Eduardo Barretto (ebarretto) wrote :
Mathew Hodson (mhodson)
tags: added: ftbfs
tags: added: patch
Mathew Hodson (mhodson)
Changed in etcd (Ubuntu):
importance: Undecided → High
status: New → Fix Released
Changed in etcd (Ubuntu Focal):
importance: Undecided → High
Marc Deslauriers (mdeslaur) wrote :

The debdiff in comment #1 looks reasonable, uploaded for processing by the SRU team. Thanks!

Changed in etcd (Ubuntu Focal):
status: New → In Progress
Chris Halse Rogers (raof) wrote :

This seems like a reasonable change, but I am worried about potential API incompatibility - etcd 3.2.26+dfsg-6 has been in 20.04 for 2 years now, so there'll be plenty of users, some of which will almost certainly have explored every possible strange edge case.

This is still a reasonable SRU - we don't want users to have to notice any incompatibility at the same time as they need to deploy a critical security fix. We should do some deliberate testing for API compatibility, though. What can be done there?

Changed in etcd (Ubuntu Focal):
status: In Progress → Incomplete
Eduardo Barretto (ebarretto) wrote (last edit):

The test suite is passing fine.
If I compare the binaries of the current version and with the debdiff applied, I get the following attached files.
Other than that, I am not too familiar with the package to extensively test all the APIs.

Eduardo Barretto (ebarretto) wrote :
Eduardo Barretto (ebarretto) wrote :
Eduardo Barretto (ebarretto) wrote :
Changed in etcd (Ubuntu Focal):
status: Incomplete → New
Chris Halse Rogers (raof) wrote :

Is there anyone (maybe on the Server team) who has experience with etcd? This still looks like a worthwhile SRU, but I'm hesitant to do it without a plan for testing.

Eduardo Barretto (ebarretto) wrote :

We asked around the server team, and no one over there has any experience with etcd either.
What should we do next?

Eduardo Barretto (ebarretto) wrote :

We (Security Team) had a discussion today about this issue and we would like to know if the SRU will proceed and if we can get more eyes on this.

If it doesn't, we still see ourselves in a position where we will need to fix this in the security pocket so we are able to patch vulnerabilities in this package.

Robie Basak (racb) wrote :

IIUC, SRU team members are reluctant to risk regressing this package today in order to fix the FTBFS now. And the security team are reluctant to leave it as-is because that makes a potential future security update difficult, and are wondering about risking that same regression in the security pocket instead.

But it strikes me that these two considerations don't directly oppose one another. What if we (SRU team) accept this into the proposed pocket today, and then stage it there without releasing it?

A future security update would then be easy, and at that stage the regression risk would be justified by the need for it.

In the meantime, users will have plenty of "notice" to alert us about regressions in advance. If they don't, and get a regression at the time of the security update anyway, then it doesn't really change the risk to them since the security update would have required us to take the risk anyway.

One catch: users may prefer to take the risk now, rather than at the time of the security update, since then if it goes wrong then they can revert without also being security-exposed by doing so.

But anyway, maybe worth considering? Or maybe the catch is significant and so we should take the risk now?

If the security team decide they want to release all the way to the security+update pockets right now for security reasons, then we should let them take the lead and make decisions on this but push it through the SRU process for better visibility. So if you choose to do that, please fully review to the extent you think appropriate, and then give your security +1 to accept this into -proposed (and later into -updates if you want), and I'll just do that wearing my SRU hat but without any further consideration or review. I say this because you (very appropriately) have the decision making power and authority to push this into the security pocket anyway, but in this case doing it through proposed/updates would probably be better for everyone.

Eduardo Barretto (ebarretto) wrote :

We just published a new version of etcd for Focal with the FTBFS fix + 4 CVEs as we were in the hook for those.
I'm setting this ticket as "Won't Fix", feel free to adjust it if you think otherwise.

Changed in etcd (Ubuntu Focal):
status: New → Won't Fix
Robie Basak (racb) wrote :

Thank you for the update!

OK, so the security update makes this SRU moot. Maybe Fix Released, since it no longer FTBFS? I'll also reject the SRU upload as that doesn't make sense to have any more.

Changed in etcd (Ubuntu Focal):
status: Won't Fix → Fix Released
Robie Basak (racb) wrote : Proposed package upload rejected

An upload of etcd to focal-proposed has been rejected from the upload queue for the following reason: "Superseded and fixed by security update. See LP: #1959757".
