proftpd DSA

Salvatore Bonaccorso carnil at debian.org
Sat Dec 7 09:28:56 GMT 2024


Hi,

On Fri, Dec 06, 2024 at 11:28:50PM +0100, Salvatore Bonaccorso wrote:
> Hi Hilmar,
> 
> On Fri, Dec 06, 2024 at 04:33:00PM +0100, Preuße, Hilmar wrote:
> > Am 06.12.2024 um 15:31 schrieb Moritz Mühlenhoff:
> > > On Fri, Dec 06, 2024 at 03:01:16PM +0100, Preuße, Hilmar wrote:
> > 
> > Hello,
> > 
> > > > I tried to upload 2 times, last time this morning. It still reads:
> > > > 
> > > > 'proftpd-dfsg_1.3.8+dfsg-4+deb12u4.dsc' has mismatching md5sum from the
> > > > external files db ('a9304d006abbd1a047a9d7abfd76eb0c' [current] vs
> > > > '215cf3e1c3973d8dcaccdb2b998d9450' [external])
> > > > 
> > > > where 215cf3e1c3973d8dcaccdb2b998d9450 is the checksum of the dsc file I
> > > > tried to push to pu initially. Is there still something to do from server
> > > > side or should I simply retry?
> > > 
> > > I think on the server side it's all fine, but could you please re-sign the
> > > changes file? This might be the remaining thing to dak to re-try.
> > > 
> > 
> > Did so already, else it complained:
> > 
> > "Signature for changes file was already seen at 2024-12-05 17:50:19.859246.
> > Please refresh the signature of the changes file if you want to upload it
> > again."
> > 
> > No success. ;-(
> 
> Each time a changes is seen by dak, to avoid replay attacks, you need
> a fresh signature. But there is someting odd going on, so asked
> ftp-master to look into it.
> 
> Worst-case we can workaround it by bumping the version. But if we can
> give ftp-master bit of time to look into it, I think that would be
> good.

I got no reply overnight. But at least two dinstall runs happenened in
meanwhile.

If you want to try once more: Do resign the stuff freschly and upload.
if you do get another reject, let's workaround it then with bumping
the version to +deb12u5 for the bookworm-security upload and upload
that to security-master.

Regards,
Salvatore



More information about the Pkg-proftpd-maintainers mailing list