devscripts - Debian Package Tracker

general

source: devscripts (main)
version: 2.25.15
maintainer: Devscripts Maintainers (DMD)
uploaders: Mattia Rizzolo [DMD] – Holger Levsen [DMD] – Benjamin Drung [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 2.21.3+deb11u1
stable: 2.23.4+deb12u2
stable-bpo: 2.25.15~bpo12+1
testing: 2.25.15
unstable: 2.25.15
exp: 2.25.17

versioned links

2.21.3+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.23.4+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.15~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.15: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.17: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

devscripts (508 bugs: 0, 195, 313, 0)

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-8454: It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

Created: 2025-07-14 Last update: 2025-08-10 06:32

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-8454: It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

Created: 2025-08-09 Last update: 2025-08-10 06:32

45 bugs tagged patch in the BTS normal

The BTS contains patches fixing 45 bugs (47 if counting merged bugs), consider including or untagging them.

Created: 2025-01-06 Last update: 2025-08-11 11:00

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.25.18, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 3d19d14750d9046f2473d832990575d34ed6f3c1
Author: Sean Whitton <spwhitton@spwhitton.name>
Date:   Mon Aug 11 09:52:36 2025 +0100

    Delete git-deborig
    
    Script is moving to the git-debpush package; see #1105759.
    
    I've filed #1110822 to track copying the translated manpages.

commit dadb9289016b7a6d1c3cc7d7a289858b0fd772d8
Author: Hugh McMaster <hmc@debian.org>
Date:   Mon Aug 4 22:06:19 2025 +1000

    uscan/WatchSource.pm: Avoid leading whitespace in raw watch file output

commit cf8da4e03adccdd653b2d664e776b25e750176ca
Author: Hugh McMaster <hmc@debian.org>
Date:   Sun Aug 3 20:46:54 2025 +1000

    uscan/git.pm: Pass '--quiet' to git if not in verbose or debug mode

commit 69c4c6998cb54f32ce1fc2696a2a6071df28e580
Author: Alexandre Detiste <tchet@debian.org>
Date:   Sun Aug 3 13:28:01 2025 +0200

    remove dead code testing for former removed patch systems
    
    this 'what-patch' tool should be removed altogether
    but is still referenced in ubuntu-packaging-guide

commit 6477be741e46197985066673b88cc8eea27bc1aa
Author: Hugh McMaster <hmc@debian.org>
Date:   Sun Aug 3 19:38:00 2025 +1000

    uscan/Downloader.pm: Pass '--quiet' to git if not in verbose or debug mode

commit 2022b138679038baa8b35068ebebcfa515f746e8
Author: Otto Kekäläinen <otto@debian.org>
Date:   Tue Jul 29 10:30:54 2025 -0700

    dep-14-convert: Use 'upstream' as fallback if no merges found (Closes: #1110088)
    
    If the Debian packaging branch had never merged with any other branch,
    no candidates for an upstream branch were found. Modify script to assume
    the upstream branch can be the 'upstream' if one with that name is found
    as kind of a fall-back instead of just failing.
    
    Also extend the output produced when running with `--debug`.

commit 1b3083caf65aa457b7ec5212d7f148d18c9e5c47
Author: Hugh McMaster <hmc@debian.org>
Date:   Fri Aug 1 21:59:44 2025 +1000

    test/test_uscan*: Move containsName() to lib_test_uscan

commit 69782eb9d8695155bc3385bc61216e6230ce4597
Author: Hugh McMaster <hmc@debian.org>
Date:   Fri Aug 1 19:32:48 2025 +1000

    uscan: Better handle Git-Modules: 'yes' and 'all' values
    
    In a v4 watch file, the variable 'gitmodules' can be a boolean.
    When converting to v5 syntax, uscan declares "Git-Modules: yes".

commit 8d98ccb73ce344fb95fd48ccd0e2cab781aa3bf7
Author: Hugh McMaster <hmc@debian.org>
Date:   Fri Aug 1 18:53:29 2025 +1000

    uscan/WatchSource.pm: Remove boolean 'gitmodules' option
    
    This option is no longer supported in watch file Version 5.

commit e57fa18200e2d7cd53bf8d59f0debc575fe5f753
Author: Hugh McMaster <hmc@debian.org>
Date:   Fri Aug 1 18:47:45 2025 +1000

    test/test_uscan_git: Convert tests to watch file Version 5

commit fbf6fe49a7b4ce727385888586f1da7fffb15351
Author: Hugh McMaster <hmc@debian.org>
Date:   Wed Jul 30 23:03:31 2025 +1000

    test/test_uscan_git: Separate git submodule creation

commit dceeb5ab8d4326b6ebdcb11d0e5d873e671e54bb
Author: Hugh McMaster <hmc@debian.org>
Date:   Wed Jul 30 19:14:13 2025 +1000

    test/test_uscan_git: Separate makeDebianDirWithUpstream() functions

commit 861c9690bc35bb2238b52c3a671162cea8eb0927
Author: Hugh McMaster <hmc@debian.org>
Date:   Tue Jul 29 16:56:01 2025 +1000

    test/test_uscan_git: Remove duplicate cleanup() function

commit a68e4d7137c30d7c0f792d652b440b9e5a333bb6
Author: Yadd <yadd@debian.org>
Date:   Fri Aug 1 06:30:20 2025 +0200

    Open d/changelog for 2.25.18

commit 546f61865b2e8c20d7b5164b73b1581257d32e07
Author: Yadd <yadd@debian.org>
Date:   Wed Jul 30 19:02:55 2025 +0200

    uscan: update templates doc

commit 2e0cee31ddf4d391cba2e15815b43060aa925c9d
Author: Yadd <yadd@debian.org>
Date:   Wed Jul 30 11:54:21 2025 +0200

    uscan: update metacpan detection for --update-watchfile

commit c9dbf0c2a90a7bc2f2b5e22bf987b7446f63e975
Author: Yadd <yadd@debian.org>
Date:   Wed Jul 30 07:42:04 2025 +0200

    typo

commit 6547f58605f8dd7c9989904d5a4cdb0c855a7743
Author: Yadd <yadd@debian.org>
Date:   Tue Jul 29 21:47:09 2025 +0200

    Add libmetacpan-client-perl into suggested packages

commit c12306b4aa1f182c09a4a7dabb340c7baeb588ea
Author: Yadd <yadd@debian.org>
Date:   Tue Jul 29 21:41:24 2025 +0200

    uscan: when --update-watchfile, try to use templates

commit 8dc68bb38b2b3a02508ad04d9887f683dc1e97ad
Author: Yadd <yadd@debian.org>
Date:   Tue Jul 29 07:43:28 2025 +0200

    uscan: use @COMPONENT@ in doc
    
    Gbp-Dch: ignore

Created: 2025-07-29 Last update: 2025-08-11 10:00

Depends on packages which need a new maintainer normal

The packages that devscripts depends on which need a new maintainer are:

docbook-xsl (#802370)
- Build-Depends: docbook-xsl
svn-buildpackage (#726770)
- Suggests: svn-buildpackage

Created: 2019-11-22 Last update: 2025-08-11 08:30

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-05-10 Last update: 2025-08-09 03:00

lintian reports 5 warnings normal

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-06-16 Last update: 2025-06-16 21:30

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-8454: (needs triaging) It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-08-09 Last update: 2025-08-10 06:32

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-8454: (needs triaging) It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-07-14 Last update: 2025-08-10 06:32

news

[rss feed]

[2025-07-28] Accepted devscripts 2.25.17 (source) into experimental (Yadd) (signed by: Xavier Guimard)
[2025-07-20] Accepted devscripts 2.25.16 (source all) into experimental (Yadd) (signed by: Xavier Guimard)
[2025-07-11] Accepted devscripts 2.25.15~bpo12+1 (source) into stable-backports (Roger Shimizu)
[2025-06-21] devscripts 2.25.15 MIGRATED to testing (Debian testing watch)
[2025-06-16] Accepted devscripts 2.25.15 (source) into unstable (Holger Levsen)
[2025-06-01] devscripts 2.25.14 MIGRATED to testing (Debian testing watch)
[2025-05-26] Accepted devscripts 2.25.14 (source) into unstable (Holger Levsen)
[2025-05-22] Accepted devscripts 2.25.13 (source) into unstable (Holger Levsen)
[2025-05-20] devscripts 2.25.12 MIGRATED to testing (Debian testing watch)
[2025-05-11] Accepted devscripts 2.25.12 (source) into unstable (Holger Levsen)
[2025-05-10] devscripts 2.25.11 MIGRATED to testing (Debian testing watch)
[2025-04-29] Accepted devscripts 2.25.11 (source) into unstable (Holger Levsen)
[2025-04-29] Accepted devscripts 2.25.10~bpo12+1 (source) into stable-backports (Roger Shimizu)
[2025-04-27] devscripts 2.25.10 MIGRATED to testing (Debian testing watch)
[2025-04-17] Accepted devscripts 2.25.10 (source) into unstable (Holger Levsen)
[2025-04-16] devscripts 2.25.9 MIGRATED to testing (Debian testing watch)
[2025-04-12] Accepted devscripts 2.25.8~bpo12+1 (source all) into stable-backports (Debian FTP Masters) (signed by: Roger Shimizu)
[2025-04-12] Accepted devscripts 2.25.9 (source) into unstable (Holger Levsen)
[2025-04-09] devscripts 2.25.8 MIGRATED to testing (Debian testing watch)
[2025-04-05] Accepted devscripts 2.25.8 (source) into unstable (Holger Levsen)
[2025-04-04] devscripts 2.25.7 MIGRATED to testing (Debian testing watch)
[2025-04-01] Accepted devscripts 2.25.7 (source) into unstable (Holger Levsen)
[2025-04-01] devscripts 2.25.6 MIGRATED to testing (Debian testing watch)
[2025-03-27] Accepted devscripts 2.25.6 (source) into unstable (Holger Levsen)
[2025-02-28] devscripts 2.25.5 MIGRATED to testing (Debian testing watch)
[2025-02-25] Accepted devscripts 2.25.5 (source) into unstable (Holger Levsen)
[2025-02-23] Accepted devscripts 2.25.4 (source) into unstable (Holger Levsen)
[2025-02-21] Accepted devscripts 2.25.3 (source) into unstable (Holger Levsen)
[2025-02-08] devscripts 2.25.2 MIGRATED to testing (Debian testing watch)
[2025-02-05] Accepted devscripts 2.25.2 (source) into unstable (Holger Levsen)

bugs [bug history graph]

all: 500 513
RC: 0
I&N: 190 195
M&W: 308 316
F&P: 2
patch: 45 47

links

lintian (0, 5)
buildd: logs, exp, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (93, -)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.25.15
44 bugs (2 patches)