Re: broken .orig.tar.gz (Re: package upload rejected - no email)
On Sun, Mar 16, 2008 at 09:07:48AM -0400, Kevin Coyner wrote:
> > I think you want the one that uploaded the .orig.tar.gz, so:
> > lynx -dump http://packages.qa.debian.org/r/rhinote/news/20060625T184700Z.html | gpg --verify
> > gpg: Signature made Sun 11 Jun 2006 03:11:54 PM CEST using DSA key ID B345BDD3
> > gpg: Good signature from "Neil McGovern <email@example.com>"
> > gpg: aka "Neil McGovern <firstname.lastname@example.org>"
> > gpg: aka "Neil McGovern (SPI) <email@example.com>"
> I'm going to contact upstream and ask if they would consider
> releasing a new version so that this can get cleaned up.
Why does it need to be cleaned up? Other than the fact that the checksums
don't match, what's wrong with the tarball in the archive?
I would be embarrassed to have upstreams releasing new upstream versions
over what should solely be an internal Debian issue. If the current tarball
really is unacceptable, all it takes to fix up in Debian is to create a
Debian-local upstream version number - like the suggested '0.7.0+pristine.
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/