[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

broken .orig.tar.gz (Re: package upload rejected - no email)

* Steve Langasek <vorlon@debian.org> [080315 21:12]:
> $ cat /srv/ftp.debian.org/queue/reject/rhinote_0.7.0-2_i386.reason 
> Rejected: md5sum and/or size mismatch on existing copy of rhinote_0.7.0.orig.tar.gz.
> Rejected: can not overwrite existing copy of 'rhinote_0.7.0.orig.tar.gz' already in the archive.

Looking at the file currently in unstable:
|$ tar -tvvzf ../rhinote_0.7.0.orig.tar.gz | head -n1
|drwxr-xr-x kiyuko/kiyuko     0 2006-03-24 02:15 rhinote-0.7.0.orig/

So the original file looks repackaged without any reason (and not
comment about this in the the rhinote_0.7.0-1.diff.gz).

How could this happen? This is a classic error and three people seem
to not have noticed it. The maintainer is no DD, so I won't blame him.
But is there a way to know who the sponsor of rhinote_0.7.0-1 was?
And as rhinote_0.7.0-1 says original upload, I assume some ftp-master
or ftp-assistent looked at it and missed that, too. Is there a way to
find out who is letting this crap in our archive?
(What if the .orig.tar.gz was not only repacked but actually modified,
would everyone have notices?)

	Bernhard R. Link

Reply to: