[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: broken .orig.tar.gz (Re: package upload rejected - no email)

On Sun, Mar 16, 2008 at 12:19:45PM +0100, Bernhard R. Link wrote:
> * Steve Langasek <vorlon@debian.org> [080315 21:12]:
> > $ cat /srv/ftp.debian.org/queue/reject/rhinote_0.7.0-2_i386.reason 
> > Rejected: md5sum and/or size mismatch on existing copy of rhinote_0.7.0.orig.tar.gz.
> > Rejected: can not overwrite existing copy of 'rhinote_0.7.0.orig.tar.gz' already in the archive.

> Looking at the file currently in unstable:
> |$ tar -tvvzf ../rhinote_0.7.0.orig.tar.gz | head -n1
> |drwxr-xr-x kiyuko/kiyuko     0 2006-03-24 02:15 rhinote-0.7.0.orig/

> So the original file looks repackaged without any reason (and not
> comment about this in the the rhinote_0.7.0-1.diff.gz).

> How could this happen? This is a classic error and three people seem
> to not have noticed it. The maintainer is no DD, so I won't blame him.
> But is there a way to know who the sponsor of rhinote_0.7.0-1 was?
> And as rhinote_0.7.0-1 says original upload, I assume some ftp-master
> or ftp-assistent looked at it and missed that, too. Is there a way to
> find out who is letting this crap in our archive?

There is no requirement that we ship pristine tarballs as downloaded from

> (What if the .orig.tar.gz was not only repacked but actually modified,
> would everyone have notices?)

Why should that block it from inclusion in the archive?  Do you suppose
there's something magical about all upstream tarballs that makes them
non-crap and instantly trustworthy by the ftp team?

Using the pristine tarballs makes it easier to blame certain problems on
upstream, but that's all.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Reply to: