Debian Bug report logs - #637563
ftp.debian.org: please add missing SHA-1 and SHA-256 hashes to Sources/Packages

Package: ftp.debian.org; Maintainer for ftp.debian.org is Debian FTP Master <ftpmaster@ftp-master.debian.org>;

Reported by: Paul Wise <pabs@debian.org>

Date: Fri, 12 Aug 2011 16:18:01 UTC

Severity: normal

Tags: security

Done: Joerg Jaspert <joerg@ganneff.de>

Bug is archived. No further changes may be made.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian FTP Master <ftpmaster@ftp-master.debian.org>:
Bug#637563; Package ftp.debian.org. (Fri, 12 Aug 2011 16:18:04 GMT) (full text, mbox, link).

Acknowledgement sent to Paul Wise <pabs@debian.org>:
New Bug report received and forwarded. Copy sent to Debian FTP Master <ftpmaster@ftp-master.debian.org>. (Fri, 12 Aug 2011 16:18:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Paul Wise <pabs@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ftp.debian.org: please add missing SHA-1 and SHA-256 hashes to Sources/Packages
Date: Fri, 12 Aug 2011 18:14:59 +0200
[Message part 1 (text/plain, inline)]
Package: ftp.debian.org
Severity: normal
Tags: security

I noticed that some source packages in Debian do not have SHA-1 and
SHA-256 hashes in the Sources files. It appears that everything uploaded
before support for these was added to dpkg-dev in 2008 is missing these
hashes. Two examples are abook from experimental main and afbinit in
testing contrib. I guess SHA-1 hashes haven't been computed for old
packages. Please check the archive for missing hashes, compute them and
start publishing them in the archive. I didn't find any binary packages
missing newer hashes but please check those too. In some Debian
derivatives I found newer hashes for the orig.tar.gz, diff.gz and
debian.tar.gz but that the hashes for dsc files were missing, so please
check every file in the archive for missing hashes.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

[signature.asc (application/pgp-signature, inline)]

Reply sent to Joerg Jaspert <joerg@ganneff.de>:
You have taken responsibility. (Thu, 08 Sep 2011 05:57:08 GMT) (full text, mbox, link).

Notification sent to Paul Wise <pabs@debian.org>:
Bug acknowledged by developer. (Thu, 08 Sep 2011 05:57:08 GMT) (full text, mbox, link).

Message #10 received at 637563-done@bugs.debian.org (full text, mbox, reply):

From: Joerg Jaspert <joerg@ganneff.de>
To: 637563-done@bugs.debian.org
Subject: done
Date: Thu, 08 Sep 2011 07:50:06 +0200
[Message part 1 (text/plain, inline)]
dak@franck:/srv/ftp-master.debian.org/lock$ dak check-archive add-missing-source-checksums
Added 6709 missing entries for Checksums-Sha1
Added 6709 missing entries for Checksums-Sha256

Thanks go to Ansgar who provided the code.

-- 
bye, Joerg
<ribnitz> Ganneff: NM-queue ist das schnellste zu uploadrechten für ein paket,
	oder?
<youam> ach aqua^Wribnitz

[Message part 2 (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 06 Oct 2011 07:36:06 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Oct 16 22:58:15 2025; Machine Name: berlioz

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.