websploit debian/watch and sourceforge
Marcos Fouces
mfouces at yahoo.es
Tue Oct 4 21:04:55 UTC 2016
Hi Lorenzo and team,
You obtain a different tarball cloning the master branch github
repository than downloading the sourceforge tarball. The upstream added
the file install.sh to sf tarball. I don't believe that is an issue and
the tarball is surely not damaged.
AFAIK, we cannot use a git repo to monitor releases if upstream don't
uses tags.
Cheers,
Marcos
El 04/10/16 a las 22:24, Lorenzo "Palinuro" Faletra escribió:
> Hi, i have tried to test the download of the orig tar of websploit by
> using uscan and i have noticed that the copy of the file available at
> sourceforge seems to be damaged, i have tried to dump the full list of
> sourceforge mirrors and get the file from all of them without results.
>
> Should we contact the software maintainers to ask them to re-upload
> the files?
>
> Should we use a different source in the watch file? (they have a
> github repo without releases/tags)
>
More information about the Pkg-security-team
mailing list