Bug#1050711: dgit erroneously allowed an upload reusing a version number

2023-08-31 Thread Ian Jackson
Control: severity 1050711 important
Control: retitle 1050713 mixed team workflows incl. --overwrite, split brain

I think #1050711 and #1050924 are *probably* the same bug, but I asked
Phil to submit a new one anyway.  There are some differences between
them, notably whether the wrong-version is the same as, or older than,
the current archive version, and also maybe the state on the dgit git
server was different.

That two users experienced this in such a short space of time is an
odd coincidence.  dgit hasn't changed; maybe there's something in the
air.

An underlying cause seems to be that we now have people doing
"team uploads" with dgit when some other team members *don't* use
dgit, and maybe object to certain aspects of dgit's outputs.  Our
defaults, and documentation, don't support this use case very well.
Let's think about that as part of #1050713.

Ian.

-- 
Ian Jackson   These opinions are my own.

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.



Bug#1050711: dgit erroneously allowed an upload reusing a version number

2023-08-28 Thread Ian Jackson
Package: dgit
Version: 11.2
Sevrity: important

Helmut reports that dgit made an upload of debhelper 13.11.5 even
though that version was already in the archive (and had been for some
time).  This does seem to be the case, since on the dgit git server we
see:
  archive/debian/13.11.5 debian/13.11.5
pointing to
  f957e45d9f76317bb58b6163ddb27bd874baa916
which is a manual merge of the salsa branch with a dgit history
  259ab8a0d17d9846ae80a157b6636e9d22be131a
which is a dgit-generated pseudomerge of its dsc import of 13.11.5.

We don't have a transcript of this, nor do we know for sure which
options were supplied, but I think the before-trouble situation looked
like this:

 * The previous upload, 13.11.5, was not done with dgit
 * We're on a commit which is ff from the dgit git server branch
 * The debian/changelog says 13.11.5

In this situation, dgit ought to have prevented the upload.

I am trying to reproduce the problem with dgit-test-dummy.  I have
done a non-dgit upload of 1.37.  I am waiting for this to be available
on mirrors, and when it is I will see what happens when I try to do a
re-upload of a different-history version of 1.37.

Ian.

-- 
Ian Jackson   These opinions are my own.

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.