Comment 6 for bug 1792497

It's correct that the shim binary that gets published to trusty is built on bionic; we only have one shim binary that's current at any given time (each must be signed separately by microsoft, we don't have separate binaries per series). But obviously the .deb published to trusty needs to be installable with trusty dpkg.

I don't understand how this SRU could ever have passed verification if the .deb isn't installable with the trusty dpkg, however.