Announcing Debexpo v2
-----BEGIN PGP SIGNED MESSAGE-----
I am glad to announce, we just deployed the latest software version of
Debexpo, the software running mentors.debian.net. I'm sorry for any
inconveniences as this caused some downtime. Along the update we also
reimported all packages to the datbase because of schema changes in
the backend. Unfortunately we had to remove all comments and package
subscriptions. That said, we dumped the data and we will try to
recover it in the upcoming days.
This a changelog of visible changes:
This is the "Welcome Nicolas Dandrimont release". He made a lot of
substantial and visible improvements in the QA plug-in codebase. The
plug-in output (e.g. Lintian runs) not only looks much better now, it
is also machine-readable in the backend which means we can tighter
integrate plug-in information into semantic workflows based on that
information. Thanks for the great work - we can do many useful things
founded on that improvements in future.
Remove identification of uploads by upload hash when using HTTP. This
should never have been implemented that way. Instead verify the GnuPG
key ID for upload signature. Please check your GnuPG key in your
profile, your key ID must match your changed-by uploader ID, otherwise
Debexpo will reject your upload.
This behavior is the same for both, HTTP and FTP uploads. You can,
but you do not need to update your ~/.dput.cf if you used to use HTTP.
The upload hash is not used at all anymore. Existing configurations
remain compatible for the time being, but we are going to stop support
for these legacy configurations in a future release. Please update
Provide worker tasks which run background jobs on the Expo server.
Aside of this technical detail, this has the visible effect to our
users that packages are automatically being removed from
* The package was uploaded to an official Debian archive.
* The package did not find a sponsor within 12 weeks.
You can always reupload the package before, or after it is being
removed from Expo to reset the timer again.
Fix a bug in the orig.tar.gz handling (again). We now make sure, that
the orig.tar.gz can be overwritten if the user uploaded a tarball
which does not match the MD5 sum of an already known orig.tar.gz. This
bug perhaps caused the most annoyance in the past months.
Provide the correct RSS feed URL in the packages index page and fix
HTML display issues on the same page. Thanks Paul Wise for providing
Make comments (and other pre-formatted texts flow properly in the
browser). Again, thanks Paul Wise and Sasa Bozic for telling us
console hackers how pure vain graphical interfaces need to be designed.
Allow uploads to oldstable-security and fix a substantial amount of
bugs causing the importer to crash previously.
For those who didn't notice yet: https://mentors.debian.net now
We upgraded several templates and workflows to reflect the new
'sponsorship-requests' based BTS workflow. Beyond, no automated
integration is done yet.
with kind regards,
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----