Bug#715216: qa.debian.org: collab-qa/upload-history: Software trusts "Date" headers which are sometimes set wrong

To: submit@bugs.debian.org
Subject: Bug#715216: qa.debian.org: collab-qa/upload-history: Software trusts "Date" headers which are sometimes set wrong
From: Asheesh Laroia <asheesh@asheesh.org>
Date: Sun, 7 Jul 2013 00:10:31 -0400 (EDT)
Message-id: <[🔎] alpine.DEB.2.02.1307062359210.29691@rose.makesad.us>
Reply-to: Asheesh Laroia <asheesh@asheesh.org>, 715216@bugs.debian.org

Package: qa.debian.org
Severity: normal
User: qa.debian.org@packages.debian.org
Usertags: udd

I've found (and reproduced) an issue in the collab-qa/upload-history code.(By that, I mean the stuff you can get from here:svn+ssh://paulproteus@svn.debian.org/svn/collab-qa/upload-history )

I was reading the upload_history table, and noticed that one package wassupposedly uploaded on 2019-02-07. Further research indicates that thefile with the bad data is "debian-devel-changes.199902.gz".

Looking athttps://lists.debian.org/debian-devel-changes/1999/02/msg00707.html youcan see one such offending email -- the "Date" header claims the email wassent in 2019.

I can reproduce this bad data getting output by upload_history by runningcollab-qa/upload-history/munge_ddc.py on a one-message sample file thatrepresents that email.


Given that, we have a few options.

1. Declare "garbage in, garbage out" and make no attempt to clean up thedata.

2. Do something very rigid to, instead of looking at the "Date:" headerwhich is user-specifyable, look at the mbox file envelope, which says whenthe mail system received the message. (Downside: This can be differentbased on if people are using email data from master.debian.org's archivesvs. other archives, since it amounts to the eit is

3. Do something like (2) but look at the first "Received" header involvingdebian.org. (This can be spoofed if people try, but I think that ingeneral we are only addressing misconfiguration, not intentional aims tomislead.)

4. Use the Date header that is in the changes file itself -- for example,that is "Date: Tue, 24 Nov 1998 12:28:30 -0500" onhttps://lists.debian.org/debian-devel-changes/1999/02/msg00707.html ,which is sane, even though the 2019 date appears in the email message's"Date:" header

Of these, I like option (4) the best. I will implement that and submit apatch here. If there is strong disagreement, later on I can redo the workwith a different error-correction strategy.


-- Asheesh.

Reply to:

Follow-Ups:
- Bug#715216: qa.debian.org: collab-qa/upload-history: Software trusts "Date" headers which are sometimes set wrong
  - From: Asheesh Laroia <asheesh@asheesh.org>

Prev by Date: Attempting to push a code change to UDD
Next by Date: Bug#715216: qa.debian.org: collab-qa/upload-history: Software trusts "Date" headers which are sometimes set wrong
Previous by thread: Re: Attempting to push a code change to UDD
Next by thread: Bug#715216: qa.debian.org: collab-qa/upload-history: Software trusts "Date" headers which are sometimes set wrong
Index(es):
- Date
- Thread