On 6/27/22 03:08, Scott Kitterman wrote:
On June 27, 2022 1:06:10 AM UTC, Russ Allbery <rra@debian.org> wrote:Ben Finney <bignose@debian.org> writes:My guess is that this is something to do with an update to the signing GnuPG key expiry date. I can get into that in a different thread if needed. The trouble is, I can only guess, because there are no messages from anything in the Debian archive telling me what went wrong.My recollection is that if the signature on the upload is invalid, we intentionally delete the upload with no notice (because we have no confirmed knowledge of who to notify). It's possible that my information is dated, though....That's correct.
as i've wondered myself about this in the past (not for some time though, since i no longer update my keys just-in-time): would it be possible to list reasons for (silent) discards on a prominent page? (e.g. somewhere on https://ftp-master.d.o¹;).
i see that ftp://ftp.upload.debian.org/pub/UploadQueue/ contains a README that says:
> Only known Debian developers can upload here. Uploads have to be > signed by PGP keys in the Debian keyring. Files not meeting this > criterion or files not mentioned in a .changes file will be removed > after some time. which hints at the current behaviour (but does not make it explicit).and to be honest: i think that some random file on an ftp-server is not very visible in the first place. chrome and firefox both have ditched ftp support, which reduces the options to just *browse* the ftp-directory to...what? filezilla (shudder) and ftp on the cmdline (my beard is now white enough to get homely feelings when i encounter such a thing; but really?)²
gfmsar IOhannes¹ i guess https://ftp-master.debian.org/#rejections would be a good starting place, although this currently only speaks about explicit *rejects* , and silently discards the notion of silent *discards*. ² is there some special reason to not make the UploadQueue available via https *also*? at least i haven't found a browseable link anywhere...