There is 1 open security issue in sid.
There is 1 open security issue in forky.
commit 82caebaee2382c7befe6128ba1de7de73217faee
Author: Yadd <yadd@debian.org>
Date: Thu Nov 6 06:36:09 2025 +0100
uscan: accept also "Dist" into Github template like other templates
commit 66360fb767d0bd6a3960cc9ba0cbb135c3d18666
Author: Hugh McMaster <hmc@debian.org>
Date: Sun Nov 23 22:05:52 2025 +1100
uscan/Git.pm: Call 'show-ref' and 'ls-remote' with '--tags'
commit 017e3a20fef4d36f99bb8d91b2011b03d966b330
Author: Hugh McMaster <hmc@debian.org>
Date: Thu Nov 20 23:50:55 2025 +1100
uscan/WatchSource.pm: Update some output messages
commit 1af9a714002dca9a485ffb106ab37f570eae5dff
Author: Hugh McMaster <hmc@debian.org>
Date: Thu Nov 20 23:27:08 2025 +1100
uscan/Git.pm: Set $newfile as a remote reference in upstream mode
Closes: #1120533
commit 3a308a31b3089afeb5909b321c43eb0d1ca0dc91
Author: Hugh McMaster <hmc@debian.org>
Date: Wed Nov 19 23:11:59 2025 +1100
uscan/Git.pm: Update 'git upstream' code path and debug output
commit 581a30cfea4feaa4bdc6dda3a6d58ab7839c67be
Author: Hugh McMaster <hmc@debian.org>
Date: Wed Nov 19 23:01:21 2025 +1100
uscan/Git.pm: Remove 'eval' wrapper
commit cdde301c8b797e4c68821b3a16b2cd9f8bddc0d4
Author: Guillem Jover <guillem@debian.org>
Date: Mon Dec 2 02:25:53 2024 +0100
debdiff: Add support for new --no-check option
The debdiff command can compare a couple of Debian source packages
(.dsc), but it needs to unpack them first with dpkg-source. That
command will check the checksums and the signatures.
The problem is that letting dpkg-source verify the signatures can be
confusing for users when we are sure the provenance of the .dsc is from
a signed and verified Debian repository, as the signatures or the keys
that made them might have expired, or been revoked, the keys might be
using weak algorithms, or the keys might not even be present in the
keyrings if the holders are no longer project members.
In the context of a signed repository their primary purpose is to
transfer the trust anchor from the uploader to the archive software,
which can then handle metaindices resigning, key rotation, expiration,
etc, which do not suffer from the problems with a one-time static
signature.
It would then be helpful to have an option that can be used to request
passing --no-check (f.ex.) to dpkg-source so that it avoids doing such
checks (when we can guarantee the safe provenance of the .dsc), in a
similar way how apt passes it too on «apt source».
This is a blocker to be able to fix #1016087 in apt-listdifferences.
Closes: #1016135
(cherry picked from commit 1d14413705286ca09e1f6e6adb16d9718dfbfd74)
Signed-off-by: Holger Levsen <holger@layer-acht.org>
commit 506f96a06dd78ccb32c1b937141eeb33bd6d6b9d
Author: Holger Levsen <holger@layer-acht.org>
Date: Sat Nov 22 19:09:56 2025 +0100
Start 2.25.28 development.
d/changelog entries will be written on release
using the git commit messages.
Use 'gbp dch --since v2.25.27 --multimaint-merge'
to write d/changelog entries since that last release.
Gbp-Dch: ignore
Signed-off-by: Holger Levsen <holger@layer-acht.org>
There is 1 open security issue in trixie.
You can find information about how to handle this issue in the security team's documentation.
There is 1 open security issue in bookworm.
You can find information about how to handle this issue in the security team's documentation.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/d/devscripts.png){kind=link}