Package: qa.debian.org
Severity: important

Dear Maintainer,

vcswatch has been failing to query salsa.d.o for several days now. Here is, e.g., the error message for the package vpnc:

    https://salsa.debian.org/api/v4/projects/pkg-security-team%2Fvpnc
    API request failed: 401 Unauthorized at /srv/qa.debian.org/data/vcswatch/vcswatch line 408.

Consequently, DDPO shows a 'warn' hint for almost all packages in its VCS column [0], alongside sometimes outdated version info (presumably when the version changed after the access to salsa failed for the first time). tracker.d.o displays a misleading 'VCS repository is not up to date' message in the case of outdated version info.

I assume that vcswatch uses an expired access token, as salsa has been displaying this banner message on its webpage [1] for some weeks now:

    GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.

I also assume that this causes the issue reported in bug #1081157 [2].

Please check this urgently, as DDPO and tracker.d.o increasingly show invalid information.

Best,
Sven

[0] e.g. https://qa.debian.org/developer.php?email=team%2Bpkg-security%40tracker.debian.org
[1] https://salsa.debian.org/public
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081157

-- 
GPG Fingerprint
3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585