Re: Missing samba DSA-4513 changelog in https://metadata.ftp-master.debian.org/changelogs/
On Wed, Apr 07, 2021 at 02:49:49PM +0200, Ben Hutchings wrote:
> On Wed, 2021-04-07 at 20:07 +0900, Hideki Yamane wrote:
> > Hi,
> > I cannot find appropriate pseudo package in reportbug, so ask this
> > in -devel.
> > Fumiyasu (CCed) found a issue with samba package changelog in
> > packages.d.o.
> > https://packages.debian.org/buster/samba has "Debian Changelog" link
> > but its
> > https://metadata.ftp-master.debian.org/changelogs//main/s/samba/samba_4.9.5+dfsg-5+deb10u1_changelog
> > link is 404.
> The latter site is part of the main archive and does not have
> information about package versions that are only in the security
> Packages uploaded to the security archive are normally copied to the
> (old)stable-proposed-update suite of the main archive, so long as that
> is open, i.e. until the last point release. So it looks as if the copy
> to the main archive failed for some reason.
The samba package is held in stable-new by bug#939419, see
> > Something wrong with
> > https://metadata.ftp-master.debian.org/changelogs/ ;,
> > that doesn't have the changelog were introduced with DSA 4513-1 as
> > https://tracker.debian.org/news/1061236/accepted-samba-2495dfsg-5deb10u1-source-into-stable-embargoed-stable/
> > Also, why DSA 4513-1 is not included in Debian10.2 ?
> > See https://www.debian.org/News/2019/20191116
> Because the package didn't get copied to the main archive.
> The common reason why this may fail is that a maintainer uploads a
> different orig tarball to the security archive. However, the two
> versions agree on the checksums of the orig tarball. I would take this
> up with the FTP team.