Re: broken .orig.tar.gz (Re: package upload rejected - no email)
On Sun, Mar 16, 2008 at 12:19:45PM +0100, Bernhard R. Link wrote:
> * Steve Langasek <vorlon@debian.org> [080315 21:12]:
> > $ cat /srv/ftp.debian.org/queue/reject/rhinote_0.7.0-2_i386.reason
> > Rejected: md5sum and/or size mismatch on existing copy of rhinote_0.7.0.orig.tar.gz.
> > Rejected: can not overwrite existing copy of 'rhinote_0.7.0.orig.tar.gz' already in the archive.
> Looking at the file currently in unstable:
> |$ tar -tvvzf ../rhinote_0.7.0.orig.tar.gz | head -n1
> |drwxr-xr-x kiyuko/kiyuko 0 2006-03-24 02:15 rhinote-0.7.0.orig/
> So the original file looks repackaged without any reason (and no
> comment about this in the rhinote_0.7.0-1.diff.gz).
> How could this happen? This is a classic error and three people seem
> to not have noticed it. The maintainer is no DD, so I won't blame him.
> But is there a way to know who the sponsor of rhinote_0.7.0-1 was?
> And as rhinote_0.7.0-1 says original upload, I assume some ftp-master
> or ftp-assistant looked at it and missed that, too. Is there a way to
> find out who is letting this crap in our archive?
There is no requirement that we ship pristine tarballs as downloaded from
upstream.
> (What if the .orig.tar.gz was not only repacked but actually modified,
> would everyone have noticed?)
Why should that block it from inclusion in the archive? Do you suppose
there's something magical about all upstream tarballs that makes them
non-crap and instantly trustworthy by the ftp team?
Using the pristine tarballs makes it easier to blame certain problems on
upstream, but that's all.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org
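
Added example, not part of the original thread or of any Debian tool: a Python sketch of how a reviewer could tell a tarball that was only repacked (md5sum/size differ, file contents equal) from one whose contents were modified, which is the distinction the quoted question raises. The tarballs, file contents, owner names and function names are constructed for illustration; the `.orig` directory suffix is the hint from the `tar -tvvzf` output above.

```python
import hashlib
import io
import tarfile

def make_tarball(top_dir, files, owner):
    """Build a .tar.gz in memory (constructed sample data, not the real package)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        entry = tarfile.TarInfo(top_dir)
        entry.type, entry.mode, entry.uname = tarfile.DIRTYPE, 0o755, owner
        tar.addfile(entry)
        for name, data in files.items():
            entry = tarfile.TarInfo(f"{top_dir}/{name}")
            entry.size, entry.uname = len(data), owner
            tar.addfile(entry, io.BytesIO(data))
    return buf.getvalue()

def fingerprint(blob):
    """(md5, size): the pair named in the reject reason."""
    return hashlib.md5(blob).hexdigest(), len(blob)

def members(blob):
    """Return (top-level directory names, {relative path: sha256 of file content})."""
    tops, digests = set(), {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in tar.getmembers():
            top, _, rel = m.name.partition("/")
            tops.add(top)
            if m.isfile():
                digests[rel] = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
    return tops, digests

def compare(reference, candidate):
    """Separate 'repacked' (bytes differ, content equal) from 'modified'."""
    _, ref_files = members(reference)
    tops, cand_files = members(candidate)
    changed = sorted(p for p in ref_files.keys() | cand_files.keys()
                     if ref_files.get(p) != cand_files.get(p))
    return {"byte_identical": fingerprint(reference) == fingerprint(candidate),
            "orig_suffix_dir": any(t.endswith(".orig") for t in tops),
            "changed_files": changed}

# Constructed samples: same content repacked, then one file altered.
SOURCE = {"rhinote.py": b"print('note')\n", "README": b"Rhinote 0.7.0\n"}
upstream = make_tarball("rhinote-0.7.0", SOURCE, "upstream")
repacked = make_tarball("rhinote-0.7.0.orig", SOURCE, "packager")
modified = make_tarball("rhinote-0.7.0.orig", {**SOURCE, "README": b"edited\n"}, "packager")

if __name__ == "__main__":
    print(compare(upstream, repacked))
    print(compare(upstream, modified))
```

A whole-file md5sum/size check only says the two archives are not the same bytes; the per-file digests are what show whether anything inside actually changed.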