Custom uploads cannot be effectively staged in a PPA

Bug #1036616 reported by Colin Watson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Launchpad itself | Fix Released | Low | Colin Watson |

Bug Description

If you copy an upload including custom files from a PPA to the primary archive, then the code that's supposed to send custom uploads through the upload queue doesn't work. This is because of the getTargetArchive shenanigans in CustomUploadsCopier, which returns None if the original upload was to a PPA. We need to fix this in order to be able to stage security fixes to (in particular) UEFI images in the ubuntu-security PPA.

As part of fixing this, it will be mandatory to make copied custom uploads go through some equivalent of BuildDaemonUploadPolicy.autoApprove, which causes all UEFI uploads to the primary archive to require manual approval in order to prevent anyone with upload privileges to Ubuntu being able to produce images signed with the Ubuntu UEFI key. We are saved from a security vulnerability by the fact that UEFI uploads copied from a PPA are not signed due to this bug, and that UEFI uploads copied from the primary archive will already have been through sufficient manual approval; but we must fix this before making copies of custom uploads from PPAs work.

Tags: qa-ok uefi
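
The failure mode and the approval gate described in this report, as an added example that is not Launchpad's code: a simplified Python model in which every class and function name is hypothetical and the sample uploads are constructed. It contrasts a copier that drops PPA-origin custom uploads with one that always queues them on the copy target and holds UEFI uploads to the primary archive for manual approval.

```python
from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    SKIPPED = "skipped"        # never reached the upload queue, so never signed
    UNAPPROVED = "unapproved"  # queued, held for manual approval
    ACCEPTED = "accepted"      # queued and processed (for UEFI: signed)


@dataclass(frozen=True)
class Archive:
    name: str
    is_ppa: bool


@dataclass(frozen=True)
class CustomUpload:
    kind: str             # custom upload type, e.g. "uefi"
    uploaded_to: Archive  # archive the original upload went to


def buggy_target_archive(upload, target):
    # Behaviour the report describes: None if the original upload was to a PPA.
    return None if upload.uploaded_to.is_ppa else target


def copy_buggy(upload, target):
    # With no target archive the custom upload is silently dropped.
    if buggy_target_archive(upload, target) is None:
        return Status.SKIPPED
    return Status.ACCEPTED


def auto_approve(upload, target):
    # Stand-in for an autoApprove equivalent (assumption of this model):
    # UEFI uploads to the primary archive are never auto-approved.
    return not (upload.kind == "uefi" and not target.is_ppa)


def copy_gated(upload, target):
    # Always queue on the copy target, then apply the approval policy.
    return Status.ACCEPTED if auto_approve(upload, target) else Status.UNAPPROVED


# Constructed sample data.
PRIMARY = Archive("primary", is_ppa=False)
SECURITY_PPA = Archive("ubuntu-security", is_ppa=True)
UEFI_FROM_PPA = CustomUpload("uefi", SECURITY_PPA)
INSTALLER_FROM_PPA = CustomUpload("debian-installer", SECURITY_PPA)
```

In this model the staged UEFI upload ends up held for review instead of being dropped or signed unreviewed, while other custom upload types copied from the PPA pass straight through.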

Changed in launchpad:
status: New → Triaged
importance: Undecided → Low
Colin Watson (cjwatson)
Changed in launchpad:
assignee: nobody → Colin Watson (cjwatson)
status: Triaged → In Progress
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Colin Watson (cjwatson)
tags: added: qa-ok
removed: qa-needstesting
Colin Watson (cjwatson)
Changed in launchpad:
status: Fix Committed → Fix Released