[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Rejected: epcr_2.3.9-1.dsc: sha1 check failed

On Thu, Apr 17, 2008 at 11:34:06AM -0400, James Vega wrote:
> You're mixing stable and unstable tools.  You have to expect that you may run
> into incompatibilities

I expect such a thing.  For example, building packages with
svn-buildpackage runs a 'debian/rules clean' before going into the
chroot.  With debhelper level 6 packages, this fails on Etch.  I add
'--svn-dont-clean' for those packages and am extra careful to not let
any cruft filter in.

> -- that happens with feature development.  As far as I
> know, we only require that *upgrades* from one stable release to the next
> stable release will work, not intermingling tools between them.  The only
> thing about this that looks bad, IMO, is that we had some bad timing on
> uploads (which happens in unstable) and that we have developers who can't pay
> attention to debian-devel-announce.
Well, I pay attention to d-d-a and even read the message that you refer
to.  However never at any time I think that upgrading dpkg to introduce
new checksum fields (and a newer format version) would result in package
uploads being rejected.

> devscripts (and the debsign tool) is simply a convenience package and not
> having an up-to-date version of the package does not prevent you from doing
> your work.  You can just as easily run dpkg-buildpackage in a chroot to build
> your packages and that has been generating proper signed .changes files the
> entire time.
Only if the unstable chroot or system has my key in it.  Of course,
without gpg-agent it is a realy hassle if you are trying to build and
upload lots of packages.

> On the plus side, debsign is now more resilient to future changes in the
> Format of .changes files (as will mergechanges in the next upload).  This only
> changes *when* the reject happens though (at debsign run instead of at
> upload), not whether it happens at all.  Hopefully other tools which parse the
> .changes file have also learned from this experience and taken similar steps
> to prevent operating on Formats they don't understand.
This certainly good.  However, perhaps dak should have been changed to
accept both format versions (1.7 and 1.8), instead of just rejecting the
old one right away.  This could have been continued until some fixed
time after the release of Lenny.  It is just a suggestion.  I am living
with the situation for now, because I still need to work on my packages
and my groups' packages and upload them.  However, I think that the
whole thing was gone about in a rather uncoordinated fashion.  To me,
that is what looks bad.



Roberto C. Sánchez

Attachment: signature.asc
Description: Digital signature

Reply to: