Source: drf-yasg-nonfree
Version: 1.20.1-1
Severity: serious
User: de...@kali.org
Usertags: origin-kali

drf-yasg-nonfree 1.20.1-1 was uploaded as source only on January 23rd; the lack of binaries ended up in the package being removed by dak's auto-cruft. Then the maintainer rebuilt a new source package while keeping the 1.20.1-1 version and uploaded it again.

deb.debian.org is a CDN and keeps in cache the package files for a very long time because they are supposed to be immutable, so if you try to download drf-yasg-nonfree from deb.debian.org you get the first version of the package while the metadata refers to the second version, and as such you get a checksum error (as I did in Kali, while trying to mirror bookworm):

Wrong checksum during receive of 'http://deb.debian.org/debian/pool/non-free/d/drf-yasg-nonfree/drf-yasg-nonfree_1.20.1-1.dsc':
md5 expected: 5c87ae878afc6adf6708439e2a0b4e97, got: 63c6925011f77e02306f451036181a13
sha256 expected: 2b3265636ef93b490b633cee9897c8462fb1cb42d1fb65226fb5a8601631ecd9, got: 834fa39b7b970704f936fc2a293ca47f9efc1939a62f5a33fcd0cea4e4a0767c
size expected: 2467, got: 2434

This bug is just a request to upload 1.20.1-2 to get rid of this inconsistency that will last in deb.debian.org for as long as we don't upload a new version.

The package has been temporarily removed from testing by Julien Cristau to make sure that mirroring bookworm out of deb.debian.org will work again shortly.

-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-3-amd64 (SMP w/16 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
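An added example, not part of the original report and not code from dak or any mirroring tool: a Python sketch of the check a mirror performs, comparing a fetched pool file against the Files and Checksums-Sha256 fields of a Sources stanza. The package name, version, helper names and file contents are constructed; with a stale cached first upload and an index describing the second upload, all three fields disagree.

```python
import hashlib

def parse_checksums(stanza):
    """Map filename -> {'md5', 'sha256', 'size'} from a Sources stanza."""
    fields = {"Files": "md5", "Checksums-Sha256": "sha256"}
    out, current = {}, None
    for line in stanza.splitlines():
        if line[:1] in (" ", "\t"):      # continuation line of a multi-line field
            if current:
                digest, size, name = line.split()
                entry = out.setdefault(name, {})
                entry[current] = digest
                entry["size"] = int(size)
        else:                            # new field: track only the checksum fields
            current = fields.get(line.split(":", 1)[0])
    return out

def verify(name, data, expected):
    """Return the mismatches between fetched bytes and the index metadata."""
    want = expected[name]
    got = {"md5": hashlib.md5(data).hexdigest(),
           "sha256": hashlib.sha256(data).hexdigest(),
           "size": len(data)}
    return [f"{k} expected: {want[k]}, got: {got[k]}"
            for k in ("md5", "sha256", "size") if want[k] != got[k]]

def sources_stanza(name, data):
    """Build a constructed stanza describing `data` (stand-in for the archive index)."""
    return (f"Package: example\nVersion: 1.0-1\n"
            f"Files:\n {hashlib.md5(data).hexdigest()} {len(data)} {name}\n"
            f"Checksums-Sha256:\n {hashlib.sha256(data).hexdigest()} {len(data)} {name}\n")

# Constructed sample data: two different uploads that reuse one version string.
FIRST_UPLOAD = b"Format: 3.0 (quilt)\nSource: example\nVersion: 1.0-1\n"
SECOND_UPLOAD = FIRST_UPLOAD + b"Build-Depends: debhelper-compat (= 13)\n"
INDEX = parse_checksums(sources_stanza("example_1.0-1.dsc", SECOND_UPLOAD))

if __name__ == "__main__":
    # The cache still serves the first upload; the index describes the second.
    for problem in verify("example_1.0-1.dsc", FIRST_UPLOAD, INDEX):
        print(problem)
```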