Your message dated Thu, 19 Dec 2019 16:04:44 +0000 with message-id <[email protected]> and subject line Bug#929429: fixed in lintian 2.42.0 has caused the Debian Bug report #929429, regarding lintian: Check for concatenated repeated sigs in upstream signatures to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 929429: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929429 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: lintian Version: 2.14.0 Severity: wishlist Hi! The mk-origtargz program from devscripts was producing bogus upstream tarball .asc files. It would be nice if this could be warned, so that people know this is the case and so that they have sufficient data to decide whether to fix it right away or wait for the next version bump. The problems vary in severity though: - Doubly armored files. Can be easily detected with the equivalent «grep -q ^LS0tLS1CRUd». - Bogus Armor Header Lines. Usage of /ARMORED FILE/ instead of /SIGNATURE/. - Superfluous Armor Fields. Presence of /^Version:/ and /^Comment:/. - There was also the possibility of concatenated repeated signatures. I'm not sure this has occurred in the Debian archive though, but uscan when invoked multiple times would produce this. It might be worth checking anyway, because even if this might not affect the Debian archive it might affect third party packaging. Fixing this requires modifying one of the upstream source files, so it cannot be done w/o bumping the version number. This is the equivalent of a tarball repack, so something like +ds or similar needs to be added to the upstream version string to be able to avoid collisions. I sent a mail about all this to debian-devel some weeks ago: <https://lists.debian.org/debian-devel/2019/04/msg00459.html> Thanks, Guillem
--- End Message ---
--- Begin Message ---Source: lintian Source-Version: 2.42.0 We believe that the bug you reported is fixed in the latest version of lintian, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <[email protected]> (supplier of updated lintian package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 19 Dec 2019 12:01:30 +0000 Source: lintian Architecture: source Version: 2.42.0 Distribution: unstable Urgency: medium Maintainer: Debian Lintian Maintainers <[email protected]> Changed-By: Chris Lamb <[email protected]> Closes: 33486 471537 546525 635068 796352 892127 907727 929429 929434 929435 929436 946471 946763 Changes: lintian (2.42.0) unstable; urgency=medium . [ Felix Lechner ] * Add new checks to identify and notify about issues in upstream signatures. (Closes: #929429, #929434, #929435, #929436) * Do not consider manpages from related packages when looking for manpages without executables. (Closes: #946471) * Add a new check for unsafe mailcap entries. (Closes: #33486) * Add new Fortran checks to validate module versions and prerequisites. (Closes: #796352) * Add new checks for empty upstream sources and for when repackaged sources are not properly advertised as such. (Closes: #471537) * Drop the source-contains-empty-directory tag as it was mostly ignored. (Closes: #907727) * Remove the bogus service-key-has-whitespace tag. (Closes: #946763) * Check TrueType and OpenType fonts for licensing terms. (Closes: #635068) * Allow "boolean false" directory components in link targets. (Closes: #892127) * Add a new tag for consistent maintainer fields between changes and source processables. (Closes: #546525) * Add a new no-dh-sequencer tag to be issued when the debhelper(7) dh(1) sequencer is not used. . [ Guido Günther ] * Update the PureOS distribution names in the "vendor" configuration. . [ Louis-Philippe Véronneau ] * Ensure proper VCS location for Debian Python Module Team and Debian Python Application Team packages. Checksums-Sha1: f1ed7ac12129ac517705352c3ba1f19864fbc8c9 4101 lintian_2.42.0.dsc cdf18f0edfc99dcea694a1ec3c5d9c29fa10f5fd 1863732 lintian_2.42.0.tar.xz b4f494cbe36c00ec6986974a80eaa7c06edfa173 17093 lintian_2.42.0_amd64.buildinfo Checksums-Sha256: 64cecdede23147d2ed64b8be4d26719c5864566b198a54db9e86b0a51a83ba42 4101 lintian_2.42.0.dsc a7d87722f7655f02f52e9dacbe89a9d06f3e627477e4b1909788b721da303542 1863732 lintian_2.42.0.tar.xz 55c5d539128db032156848094b13c6150fa475f3fd88b2b8261e68fd28808924 17093 lintian_2.42.0_amd64.buildinfo Files: 3d59d95528554e9a600f327b119ce7c3 4101 devel optional lintian_2.42.0.dsc b83304938a0cfea28ec954c8291590c0 1863732 devel optional lintian_2.42.0.tar.xz 028b77ccc1cc789d2659bdd0cde6f362 17093 devel optional lintian_2.42.0_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl37nM4ACgkQHpU+J9Qx Hlhptw/9EyvgZt+srER2fEKKQfNscJqrsm9k5phO/qODANWytmW4BNYfyURZ8XU0 4y/DKRuP9O5YfPJxBpdI208HZEPVqsApwCSHErSug2InCv6zRWRXGDO4ODsEs0bB zDpg5VjnMh1ggXNdvWKrbTEi7nvsamcUuKVOgaU1AqH0CpgvTic0g9lBQ7bs191D 4FTEBuY0Y+Aa/rOuE1y9upPvM5a7c+8/qFT1Lua5zO1oWI6mIqCGPLglTs5TXczk pvbETjDOJhABAEj8Cam9O340iDNYIFsW1RvN+nk+2p+HCHWN9a/7NbuXpubyjAZL rDOf8zxVZ+V08+ivVz5kugIkgVnOqno7T1P1zHfsFNh2iwfhm0ZokGyLhaiB5iNm yBI3Rv+Ms4iXtrbndUZdrvrUaxti6vxda2BKSXqWOMdZW2BMJku5/cd7iQ/0+gLA lpOeIBf8YKl+jIL+KqPpE6LedUYjhEqqrgkrDpoLktHWalz9nMSXlCAeoL+WHG52 NhnrP0UpeRYqkKMGLQ5IsnR91XhaoFFkqKYu1MItWHvkZppPIc6s8W0nn+dmCzd0 g2hL3mtSJGQpmJp8/cFLq2KCtFNJY8DIaF0VyxPmDuFklc9SqD0/iUXm1j6yNlH3 7UXM7IzCv4ZtdwTEpZfZFwfOJXexo7NVwyjx+XKynRlEXUrOVF8= =aGY/ -----END PGP SIGNATURE-----
--- End Message ---
