proftpd DSA

Salvatore Bonaccorso carnil at debian.org
Fri Dec 6 22:28:50 GMT 2024


Hi Hilmar,

On Fri, Dec 06, 2024 at 04:33:00PM +0100, Preuße, Hilmar wrote:
> Am 06.12.2024 um 15:31 schrieb Moritz Mühlenhoff:
> > On Fri, Dec 06, 2024 at 03:01:16PM +0100, Preuße, Hilmar wrote:
> 
> Hello,
> 
> > > I tried to upload 2 times, last time this morning. It still reads:
> > > 
> > > 'proftpd-dfsg_1.3.8+dfsg-4+deb12u4.dsc' has mismatching md5sum from the
> > > external files db ('a9304d006abbd1a047a9d7abfd76eb0c' [current] vs
> > > '215cf3e1c3973d8dcaccdb2b998d9450' [external])
> > > 
> > > where 215cf3e1c3973d8dcaccdb2b998d9450 is the checksum of the dsc file I
> > > tried to push to pu initially. Is there still something to do from server
> > > side or should I simply retry?
> > 
> > I think on the server side it's all fine, but could you please re-sign the
> > changes file? This might be the remaining thing to dak to re-try.
> > 
> 
> Did so already, else it complained:
> 
> "Signature for changes file was already seen at 2024-12-05 17:50:19.859246.
> Please refresh the signature of the changes file if you want to upload it
> again."
> 
> No success. ;-(

Each time a changes is seen by dak, to avoid replay attacks, you need
a fresh signature. But there is someting odd going on, so asked
ftp-master to look into it.

Worst-case we can workaround it by bumping the version. But if we can
give ftp-master bit of time to look into it, I think that would be
good.

Regards,
Salvatore



More information about the Pkg-proftpd-maintainers mailing list