Package: devscripts Version: 2.18.11 Severity: normal Dear Maintainer,
when trying to see if there are new upstream inkscape versions I noticed that "uscan --report --dehs" seems to behave in an unexpected way when the watch file has pgpmode=previous. This is how to reproduce the issue: ----------------------------------------------------------------------- $ wget https://salsa.debian.org/multimedia-team/inkscape/raw/master/debian/watch -O inkscape.watch $ uscan --package inkscape --upstream-version 0 --dehs --watchfile inkscape.watch <dehs> uscan: Newest version of inkscape on remote site is 0.92.3, local version is 0 uscan: => Newer package available from https://launchpad.net/inkscape/0.92.x/0.92.3/+download/inkscape-0.92.3.tar.bz2 uscan warn: Nothing was downloaded before, skipping pgp check <package>inkscape</package> <warnings>Nothing was downloaded before, skipping pgp check</warnings> </dehs> ----------------------------------------------------------------------- I would have expected uscan to report the latest upstream version in the XML even if it was not able to verify the signature, as --package implies --no-download and --skip-signature (equivalent to --report). The same problem can be seen with a more usual: ----------------------------------------------------------------------- $ apt-get source inkscape $ cd inkscape-0.92.3/ $ uscan --report --upstream-version 0 --dehs <dehs> uscan: Newest version of inkscape on remote site is 0.92.3, local version is 0 uscan: => Newer package available from https://launchpad.net/inkscape/0.92.x/0.92.3/+download/inkscape-0.92.3.tar.bz2 uscan warn: Nothing was downloaded before, skipping pgp check <package>inkscape</package> <warnings>Nothing was downloaded before, skipping pgp check</warnings> </dehs> ----------------------------------------------------------------------- This might be the cause of the failed upstream version detection for inkscape fail on the tracker pages: - https://packages.qa.debian.org/i/inkscape.html (see "problems") - https://tracker.debian.org/pkg/inkscape (see "action needed") BTW "uscan --upstream-version 0 --dehs" (i.e. trying to download stuff) works fine with inkscape, so the watch file itself should be good. Not sure how much this is related to: - https://salsa.debian.org/debian/devscripts/merge_requests/69 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910910 Thank you, Antonio P.S. I noticed that in the inkscape case signature verification is performed even if "--no-signature" is passed: $ uscan --upstream-version 0 --no-signature is this worth a separate report? I also noticed that some extra info is still printed to STDOUT when --dehs is used while the man page says that non-XML output would be written to STDERR, this can be reproduced with: $ uscan --upstream-version 0 --dehs 2> /dev/null I can send a separate report for that if needed. -- Package-specific info: --- /etc/devscripts.conf --- --- ~/.devscripts --- BTS_SMTP_HOST=localhost:2525 BTS_CACHE=no AUTO_LINTIAN=${AUTO_LINTIAN:-yes} DEBCHANGE_RELEASE_HEURISTIC=changelog -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages devscripts depends on: ii dpkg-dev 1.19.2 ii fakeroot 1.23-1 ii file 1:5.34-2 ii gnupg 2.2.12-1 ii gpgv 2.2.12-1 ii libc6 2.28-4 ii libfile-homedir-perl 1.004-1 ii libfile-which-perl 1.23-1 ii libipc-run-perl 20180523.0-1 ii libmoo-perl 2.003004-2 ii libwww-perl 6.36-1 ii patchutils 0.3.4-2 ii perl 5.28.1-3 ii python3 3.7.1-3 ii sensible-utils 0.0.12 ii wdiff 1.2.2-2+b1 Versions of packages devscripts recommends: ii apt 1.8.0~alpha3 ii at 3.1.23-1 ii curl 7.62.0-1 ii dctrl-tools 2.24-3 ii debian-keyring 2018.12.24 ii dput 1.0.2 ii equivs 2.2.0 ii libdistro-info-perl 0.20 ii libdpkg-perl 1.19.2 ii libencode-locale-perl 1.05-1 ii libgit-wrapper-perl 0.048-1 ii libgitlab-api-v4-perl 0.15-1 ii liblist-compare-perl 0.53-1 ii liblwp-protocol-https-perl 6.07-2 ii libsoap-lite-perl 1.27-1 ii libstring-shellquote-perl 1.04-1 ii libtry-tiny-perl 0.30-1 ii liburi-perl 1.74-1 ii licensecheck 3.0.31-3 ii lintian 2.5.121 ii man-db 2.8.5-1 ii patch 2.7.6-3 ii python3-apt 1.7.0 ii python3-debian 0.1.33 ii python3-magic 2:0.4.15-2 ii python3-requests 2.20.0-2 ii python3-unidiff 0.5.4-1 ii python3-xdg 0.25-4 ii strace 4.21-1 ii unzip 6.0-21 ii wget 1.20.1-1 ii xz-utils 5.2.2-1.3 Versions of packages devscripts suggests: ii adequate 0.15.1 pn autopkgtest <none> pn bls-standalone <none> ii build-essential 12.5 pn check-all-the-things <none> pn cvs-buildpackage <none> pn devscripts-el <none> pn diffoscope <none> pn disorderfs <none> pn dose-extra <none> ii duck 0.13 pn faketime <none> ii gnuplot 5.2.6+dfsg1-1 ii gnuplot-qt [gnuplot] 5.2.6+dfsg1-1 pn how-can-i-help <none> ii libauthen-sasl-perl 2.1600-1 pn libdbd-pg-perl <none> ii libfile-desktopentry-perl 0.22-1 pn libnet-smtps-perl <none> pn libterm-size-perl <none> ii libtimedate-perl 2.3000-2 pn libyaml-syck-perl <none> ii mailutils [mailx] 1:3.5-2 pn mozilla-devscripts <none> pn mutt <none> ii openssh-client [ssh-client] 1:7.9p1-4 ii piuparts 0.95 pn postgresql-client <none> pn quilt <none> pn ratt <none> pn reprotest <none> pn svn-buildpackage <none> pn w3m <none> -- no debconf information -- Antonio Ospite https://ao2.it https://twitter.com/ao2it A: Because it messes up the order in which people normally read text. See http://en.wikipedia.org/wiki/Posting_style Q: Why is top-posting such a bad thing?