Monday, 21 March 2016

Re: Archive changes

Hi Colin,

On Mar 18, 2016, at 09:19 PM, Colin Watson wrote:

>This change has caused quite a bit of fallout, both in Debian and Ubuntu
>(and quite probably elsewhere). On the whole I approve of the direction
>of the changes so haven't been lobbying to have them reversed, although
>the timing is a little inconvenient! The main thing Ubuntu developers
>may have noticed is that Launchpad is currently failing to import source
>packages from Debian, so you can't yet use syncpackage for packages
>processed after the changes in the mail quoted above. I've been working
>hard on that in the latter half of this week.

Thanks for working so hard on re-enabling syncpackage. I'm building up a
stack of syncs for once this is working again. Do you have a rough ETA for
when all the fixes will land and how long it will take to clear the backlog?

> * Having upgraded debmirror, we now find that it's doing slightly
> stricter signature checking, so it fails because our
> debian-archive-keyring package is old enough that it only has one of
> the keys used to sign current Debian suites. I've requested a
> backport, which Canonical staff can track in

From the ticket, ETA for this is "1-2 weeks".

> * The program that actually does the import will also break due to the
> removal of gzip and the removal of weaker checksums. I've proposed a
> branch to fix this
> (,
> and we should be able to deploy something like this early next week.


>People running xenial may also have noticed that apt is now complaining
>on update about weak signatures on PPAs (and perhaps other archives too,
>but we have no control over those). There's a fix for this pending
>which we might amend with

sha512 branch is merged, sha384 branch is rejected.

>It never rains but it pours; but with any luck this will be enough
>catch-up work for a while once we're finished ...

Can't wait. ;)