Your message dated Wed, 04 Jul 2018 20:47:10 +0000
with message-id <[email protected]>
and subject line Bug#879207: fixed in devscripts 2.17.6+deb9u2
has caused the Debian Bug report #879207,
regarding devscripts: uscan - also accept https://sf.net/
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
879207: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879207
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: devscripts
Version: 2.17.10
Severity: wishlist
The following watch file works fine:
version=4
opts="pgpsigurlmangle=s/$/.asc/" \
http://sf.net/gscan2pdf/gscan2pdf-(.+)\.tar\.xz debian uupdate
apart from lintian complaining:
I: gscan2pdf source: debian-watch-uses-insecure-uri line 3
N:
N: The watch file uses an unencrypted transport protocol for the URI.
It is
N: recommended to use a secure transport such as HTTPS for anonymous
N: read-only access.
Looking at the verbose output of uscan, it does seem to use https on the
redirected URL.
If I change http to https, then the watch file no longer works.
If I rewrite the watch file not to use the redirector, but to use https,
then it also works, but lintian complains that I should be using the
redirector.
When I contacted the maintainers of lintian, I was asked to file a bug against
uscan:
> Indeed; uscan special-cases the "http://sf.net/"; URL and completely
> rewrites it. I think the best solution would be for uscan to also
> accept "https://sf.net/";
[...]
> Technically, we can special-case it in lintian to skip the warning here.
> But I prefer not giving mixed signals about whether a "http" url is
> secure or not. Among other because not all tools have the special magic
> for rewriting the URL to Debian's sourceforge redirector.
And indeed, I think this would be the cleanest solution.
I would be grateful if you could implement this.
-- Package-specific info:
--- /etc/devscripts.conf ---
--- ~/.devscripts ---
DEBSIGN_KEYID=110FCAF3
-- System Information:
Debian Release: buster/sid
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'testing'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages devscripts depends on:
ii dpkg-dev 1.18.24
ii libc6 2.24-17
ii libfile-homedir-perl 1.002-1
ii perl 5.26.0-8
ii python3 3.6.3-1
Versions of packages devscripts recommends:
ii apt 1.5
ii at 3.1.20-3
ii curl 7.56.1-1
ii dctrl-tools 2.24-2+b1
ii debian-keyring 2017.08.28
ii dput 1.0.1
ii equivs 2.1.0
ii fakeroot 1.22-1
ii file 1:5.32-1
ii gnupg 2.2.1-4
ii gnupg2 2.2.1-4
ii libdistro-info-perl 0.17
ii libdpkg-perl 1.18.24
ii libencode-locale-perl 1.05-1
ii libgit-wrapper-perl 0.047-1
ii liblist-compare-perl 0.53-1
ii liblwp-protocol-https-perl 6.07-2
ii libsoap-lite-perl 1.22-1
ii liburi-perl 1.72-2
ii libwww-perl 6.27-1
ii licensecheck 3.0.31-2
ii lintian 2.5.55
ii man-db 2.7.6.1-2
ii patch 2.7.5-1+b2
ii patchutils 0.3.4-2
ii python3-apt 1.4.0~beta3+b1
ii python3-debian 0.1.31
ii python3-magic 1:5.32-1
ii python3-requests 2.18.1-1
ii python3-unidiff 0.5.4-1
ii python3-xdg 0.25-4
ii sensible-utils 0.0.10
ii strace 4.15-2
ii unzip 6.0-21
ii wdiff 1.2.2-2
ii wget 1.19.1-4
ii xz-utils 5.2.2-1.3
Versions of packages devscripts suggests:
pn adequate <none>
ii autopkgtest 5.0.2
pn bls-standalone <none>
ii bsd-mailx [mailx] 8.1.2-0.20160123cvs-4
ii build-essential 12.4
pn check-all-the-things <none>
pn cvs-buildpackage <none>
pn devscripts-el <none>
pn diffoscope <none>
pn disorderfs <none>
pn dose-extra <none>
pn duck <none>
pn faketime <none>
pn gnuplot <none>
ii gpgv 2.2.1-4
pn how-can-i-help <none>
ii libauthen-sasl-perl 2.1600-1
ii libfile-desktopentry-perl 0.22-1
pn libnet-smtps-perl <none>
pn libterm-size-perl <none>
ii libtimedate-perl 2.3000-2
pn libyaml-syck-perl <none>
pn mozilla-devscripts <none>
ii mutt 1.8.3+neomutt20170609-2+b1
ii openssh-client [ssh-client] 1:7.6p1-2
pn piuparts <none>
ii quilt 0.63-8.1
pn ratt <none>
pn reprotest <none>
pn svn-buildpackage <none>
ii w3m 0.5.3-34
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: devscripts
Source-Version: 2.17.6+deb9u2
We believe that the bug you reported is fixed in the latest version of
devscripts, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mattia Rizzolo <[email protected]> (supplier of updated devscripts package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 03 Jul 2018 10:37:56 +0200
Source: devscripts
Binary: devscripts
Architecture: source
Version: 2.17.6+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Devscripts Maintainers <[email protected]>
Changed-By: Mattia Rizzolo <[email protected]>
Description:
devscripts - scripts to make the life of a Debian Package maintainer easier
Closes: 869150 877440 877877 879207 895209 900963
Changes:
devscripts (2.17.6+deb9u2) stretch; urgency=medium
.
[ Osamu Aoki ]
* uscan:
+ Fix the new package version regex for filenamemangle. Closes: #869150
.
[ Cyril Brulebois ]
* debsign: Fix bash completion by using file extensions instead of
using globs. Closes: #877440
.
[ Mattia Rizzolo ]
* bts:
+ Add the new 'ftbfs' tag to the list of known tags. Closes: #900963
* debchange:
+ Update the manpage to mention that --bpo now targets stretch-backports,
not jessie-backports. Closes: #877877
* uscan:
+ Apply patch from Stephen Kitt <[email protected]> to support https in the
sf.net special redirector. Closes: #879207
* test/uscan_mangle:
+ Use a real newline instead of embedding \n in a shell variable, which
isn't portable between dash and bash, fixing FTBFS in systems using bash
as /bin/sh.
* debian/control:
+ Change maintainer email from alioth to [email protected].
+ Move the Git repository to salsa.debian.org.
.
[ Christoph Berg ]
* debcheckout:
+ Support salsa.debian.org.
.
[ Adam D. Barratt ]
* debdiff:
+ Sort shlibs files before comparing. The order of entries is not
significant.
.
[ Lev Lazinskiy ]
* uscan:
+ Handle --copy argument. Closes: #895209; MR !22
Checksums-Sha1:
e977e9b7d6bfe9ee2c16e4820fd9397e7d44ddd9 2328 devscripts_2.17.6+deb9u2.dsc
9dcd489507701372973242c3d4d3dd4104ba7a35 690896 devscripts_2.17.6+deb9u2.tar.xz
d690a16b475212fd2b9b6c6b535fac3315d59b5a 10032
devscripts_2.17.6+deb9u2_amd64.buildinfo
Checksums-Sha256:
f81005ae132bbc96ead5c1f516848410762aa353e153cd018ec7cd76d3ee0510 2328
devscripts_2.17.6+deb9u2.dsc
1dcca3049b938d33a32ece515feeb261d60e530aa84de99c030ec3d2a7680601 690896
devscripts_2.17.6+deb9u2.tar.xz
7d33d9ea95f94a3e3f77b7bd6b257d40228ecd79f9ab8ba17d06e685ef5c93f4 10032
devscripts_2.17.6+deb9u2_amd64.buildinfo
Files:
612a6948443a7aa6d27ae26090077048 2328 devel optional
devscripts_2.17.6+deb9u2.dsc
00e8a4783436f3e40aa568df0bf8672b 690896 devel optional
devscripts_2.17.6+deb9u2.tar.xz
ee3bac858490367a7216e0352ecb8a43 10032 devel optional
devscripts_2.17.6+deb9u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAls7OAUACgkQCBa54Yx2
K63a+g//SKR8RdxSLBD7b0iQZEBkyZGCT6FtcmAYjvA+d7bU3dxTw6byfzXL+F4V
YgSwTiAp3Ie8vH/KSGPog4iAOmZDZSfHkJO7SrxbwSbzbm9Or5iya2DF6KqCXTRD
OgNEQmMLfxVPpaTnXNOxCiLFCpZes5X7TszPgEXWU2PA4OmfGAR4Kx0SEkoGHqr3
ZWaXdBqrQQF7D7NNoam1vsPi+Op1WR5vPjAVhGibq3z7cTbdH9cWC1EnRiOYQkhw
foJcVQ479pFpCUU1cC99uDBSMmLA+lAy02HBBcf7zmJ0Vjf+hAseSFXvbeZJIM9S
OnIpMJdMamBAKvC7TspWALPOh/4cyKm1cff3bR5/8buEPyx6DUAhH7WDTDAhwwtn
ALyeFbGqyH7/VlFxt29L7Gaz5MzCFhK5PEcvnfKPNR2ZCtQTa27NQ3jaOyJmtN/Y
+Cbij+0PTTbN9uGNakgZbJL5juSWspPC21a6b7WI9fiEVUgBlDe6fLnxXRubFqXl
RyaZuLIYT0mV35rDEjCbVeWO1M2ZAwSbQCSVJGJMJU06dxZ/ouDiDQyNERQjajnH
cS5CQfrxLkF3UazhJCHV0Dwv+N70y5t+JvKr2wRBGtfe7RFHOcNB83Cqfh0TGfHX
wqHII5SI9aT+g8yy8YsDvi8GoY/8O654J9NOYM0zQ/T90tN/tCU=
=7IJy
-----END PGP SIGNATURE-----
--- End Message ---
