websploit debian/watch and sourceforge

Subject: websploit debian/watch and sourceforge
From: palinuro@parrotsec.org (Lorenzo "Palinuro" Faletra)
Date: Tue, 04 Oct 2016 23:08:46 +0000
Message-id: <[🔎] ce43e454ef68ab22a16330863870499b@parrotsec.org>
In-reply-to: <[🔎] e3808656-6d98-f0b9-4774-b59318adc26c@yahoo.es>
References: <[🔎] 78a786a1705130a80caa7458c4964f69@parrotsec.org> <[🔎] e3808656-6d98-f0b9-4774-b59318adc26c@yahoo.es>


On 2016-10-04 21:04, Marcos Fouces wrote:
> Hi Lorenzo and team,
> 
> You obtain a different tarball cloning the master branch github
> repository than downloading the sourceforge tarball. The upstream
> added the file install.sh to sf tarball. I don't believe that is an
> issue and the tarball is surely not damaged.

here the error, the file uscan gave to me is attached

Unknown or no compression used in ../WebSploit-Framework-3.0.0.tar.gz. 
at /usr/bin/mk-origtargz line 385.
uscan: error: mk-origtargz --package websploit --version 3.0.0 
--compression gzip --directory .. --copyright-file debian/copyright 
../WebSploit-Framework-3.0.0.tar.gz gave error exit status 255


> AFAIK, we cannot use a git repo to monitor releases if upstream don't 
> uses tags.

this is why i have specified that their github repo doesn't have any 
tags

> 
> Cheers,
> 
> Marcos
> 
> El 04/10/16 a las 22:24, Lorenzo "Palinuro" Faletra escribi?:
>> Hi, i have tried to test the download of the orig tar of websploit by 
>> using uscan and i have noticed that the copy of the file available at 
>> sourceforge seems to be damaged, i have tried to dump the full list of 
>> sourceforge mirrors and get the file from all of them without results.
>> 
>> Should we contact the software maintainers to ask them to re-upload 
>> the files?
>> 
>> Should we use a different source in the watch file? (they have a 
>> github repo without releases/tags)
>> 

-- 
----


Lorenzo "Palinuro" Faletra

Frozenbox Network
Parrot Security

GPG ID: F4C6B9A4
GPG FINGERPRINT: B350 5059 3C2F 7656 40E6  DDDB 97CA A129 F4C6 B9A4

GPG Info: 
http://pgp.mit.edu/pks/lookup?op=vindex&search=0x97CAA129F4C6B9A4
GPG Key: http://pgp.mit.edu/pks/lookup?op=get&search=0x97CAA129F4C6B9A4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: WebSploit-Framework-3.0.0.tar.gz
Type: application/x-tar
Size: 1317376 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20161004/73772eca/attachment-0001.tar>

Reply to:

References:
- websploit debian/watch and sourceforge
  - From: palinuro@parrotsec.org (Lorenzo "Palinuro" Faletra)
- websploit debian/watch and sourceforge
  - From: mfouces@yahoo.es (Marcos Fouces)

Prev by Date: RE
Next by Date: binwalk 2.1.1-15 MIGRATED to testing
Previous by thread: websploit debian/watch and sourceforge
Next by thread: RE
Index(es):
- Date
- Thread