Bug#880415: devscripts: uscan - also accept https://sf.net/
Jeffrey Ratcliffe
jffry at posteo.net
Tue Oct 31 11:04:17 UTC 2017
Package: devscripts
Version: 2.17.10
Severity: wishlist
The following watch file works fine:
version=4
opts="pgpsigurlmangle=s/$/.asc/" \
http://sf.net/gscan2pdf/gscan2pdf-(.+)\.tar\.xz debian uupdate
apart from lintian complaining:
I: gscan2pdf source: debian-watch-uses-insecure-uri line 3
N:
N: The watch file uses an unencrypted transport protocol for the URI.
It is
N: recommended to use a secure transport such as HTTPS for anonymous
N: read-only access.
Looking at the verbose output of uscan, it does seem to use https on the
redirected URL.
If I change http to https, then the watch file no longer works.
If I rewrite the watch file not to use the redirector, but to use https,
then it also works, but lintian complains that I should be using the
redirector.
When I contacted the maintainers of lintian, I was asked to file a bug against
uscan:
> Indeed; uscan special-cases the "http://sf.net/" URL and completely
> rewrites it. I think the best solution would be for uscan to also
> accept "https://sf.net/"
[...]
> Technically, we can special-case it in lintian to skip the warning here.
> But I prefer not giving mixed signals about whether a "http" url is
> secure or not. Among other because not all tools have the special magic
> for rewriting the URL to Debian's sourceforge redirector.
And indeed, I think this would be the cleanest solution.
I would be grateful if you could implement this.
-- Package-specific info:
--- /etc/devscripts.conf ---
--- ~/.devscripts ---
DEBSIGN_KEYID=110FCAF3
-- System Information:
Debian Release: buster/sid
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'testing'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages devscripts depends on:
ii dpkg-dev 1.18.24
ii libc6 2.24-17
ii libfile-homedir-perl 1.002-1
ii perl 5.26.0-8
ii python3 3.6.3-1
Versions of packages devscripts recommends:
ii apt 1.5
ii at 3.1.20-3
ii curl 7.56.1-1
ii dctrl-tools 2.24-2+b1
ii debian-keyring 2017.08.28
ii dput 1.0.1
ii equivs 2.1.0
ii fakeroot 1.22-1
ii file 1:5.32-1
ii gnupg 2.2.1-4
ii gnupg2 2.2.1-4
ii libdistro-info-perl 0.17
ii libdpkg-perl 1.18.24
ii libencode-locale-perl 1.05-1
ii libgit-wrapper-perl 0.047-1
ii liblist-compare-perl 0.53-1
ii liblwp-protocol-https-perl 6.07-2
ii libsoap-lite-perl 1.22-1
ii liburi-perl 1.72-2
ii libwww-perl 6.27-1
ii licensecheck 3.0.31-2
ii lintian 2.5.55
ii man-db 2.7.6.1-2
ii patch 2.7.5-1+b2
ii patchutils 0.3.4-2
ii python3-apt 1.4.0~beta3+b1
ii python3-debian 0.1.31
ii python3-magic 1:5.32-1
ii python3-requests 2.18.1-1
ii python3-unidiff 0.5.4-1
ii python3-xdg 0.25-4
ii sensible-utils 0.0.10
ii strace 4.15-2
ii unzip 6.0-21
ii wdiff 1.2.2-2
ii wget 1.19.1-4
ii xz-utils 5.2.2-1.3
Versions of packages devscripts suggests:
pn adequate <none>
ii autopkgtest 5.0.2
pn bls-standalone <none>
ii bsd-mailx [mailx] 8.1.2-0.20160123cvs-4
ii build-essential 12.4
pn check-all-the-things <none>
pn cvs-buildpackage <none>
pn devscripts-el <none>
pn diffoscope <none>
pn disorderfs <none>
pn dose-extra <none>
pn duck <none>
pn faketime <none>
pn gnuplot <none>
ii gpgv 2.2.1-4
pn how-can-i-help <none>
ii libauthen-sasl-perl 2.1600-1
ii libfile-desktopentry-perl 0.22-1
pn libnet-smtps-perl <none>
pn libterm-size-perl <none>
ii libtimedate-perl 2.3000-2
pn libyaml-syck-perl <none>
pn mozilla-devscripts <none>
ii mutt 1.8.3+neomutt20170609-2+b1
ii openssh-client [ssh-client] 1:7.6p1-2
pn piuparts <none>
ii quilt 0.63-8.1
pn ratt <none>
pn reprotest <none>
pn svn-buildpackage <none>
ii w3m 0.5.3-34
-- no debconf information
More information about the devscripts-devel
mailing list