Package: dput-ng
Version: 1.44
Severity: important

In an integration involving multiple uploads of the same source package 
from Debusine to reprepro at similar times, we found that dput-ng's sftp 
method is apparently willing to silently (or at least without a hard 
error) overwrite files on the destination, whereas the ftp method will 
fail in that situation.  This meant that uploads were sometimes rejected 
because their .orig.tar had already been removed.

The ftp method's behaviour seems to be an emergent property of typical 
anonymous FTP setups rather than deliberate behaviour of the dput-ng 
method, but nevertheless I think it would be more useful if the sftp 
method behaved the same way.  It isn't 100% obvious how to do this in a 
non-racy way with paramiko since the `put` method doesn't support 
exclusive opens, but `put` is just a wrapper around some lower-level 
methods and `open` supports "x" in the mode argument, so it should be 
possible.

(It might make sense for --force to override this.  It's a bit of an 
extension from how it's currently defined - "Force an upload, even if 
the upload log exists already" - but it seems to me that you'd want to 
override my proposed behaviour in the same sorts of situations.)

-- 
Colin Watson (he/him)                              [[email protected]]

-- System Information:
Debian Release: forky/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64

Kernel: Linux 6.18.12+deb14-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dput-ng depends on:
ii  python3       3.13.9-3
ii  python3-dput  1.44

dput-ng recommends no packages.

Versions of packages dput-ng suggests:
pn  dput-ng-doc       <none>
ii  python3-mastodon  2.1.3-2
pn  python3-tweepy    <none>
ii  rsync             3.4.1+ds1-7

-- no debconf information
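
The exclusive-open approach suggested in the report, as an added example that is not part of the original report or of dput-ng's code. It assumes an SFTP client object with a paramiko-style open(path, mode); UploadRefused, upload_exclusive, its force parameter and LocalDirSFTP (a constructed local-directory stand-in so the code runs offline) are hypothetical names.

```python
import os


class UploadRefused(Exception):
    """Remote file already exists, or could not be created exclusively."""


def upload_exclusive(sftp, local_path, remote_path, force=False, chunk=32768):
    """Upload via a paramiko-style sftp.open(path, mode); returns bytes sent."""
    # "x" makes the server do the create-if-absent check in the open request
    # itself, so there is no stat-then-put window for a concurrent upload.
    mode = "wb" if force else "wbx"
    with open(local_path, "rb") as src:
        try:
            remote = sftp.open(remote_path, mode)
        except OSError as exc:
            if force:
                raise
            # Assumption: a server may report "exists" only as a generic
            # failure, so any error on the exclusive open is a refusal.
            raise UploadRefused(remote_path) from exc
        sent = 0
        with remote:
            for block in iter(lambda: src.read(chunk), b""):
                remote.write(block)
                sent += len(block)
    return sent


class LocalDirSFTP:
    """Constructed stand-in for an SFTP client, backed by a local directory."""

    def __init__(self, root):
        self.root = root

    def open(self, path, mode="r"):
        # Map the "x" flag onto Python's exclusive-create mode.
        return open(os.path.join(self.root, path), "xb" if "x" in mode else "wb")
```

With a real paramiko.SFTPClient passed as sftp, the same function replaces a call to put(); a partially written file left by an interrupted transfer would still need cleaning up by the caller.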
