Your message dated Tue, 17 Sep 2024 23:02:56 +0200
with message-id <9dabe50827c31a536498a36ac8dee147776dc097.ca...@debian.org>
and subject line Re: vcswatch: fails to query salsa, impacts DDPO and
tracker.d.o
has caused the Debian Bug report #1081461,
regarding vcswatch: fails to query salsa, impacts DDPO and tracker.d.o
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1081461: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081461
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: qa.debian.org
Severity: important
Dear Maintainer,
vcswatch is failing to query salsa.d.o for several days by now.
Here is, e.g., the error message for the package vpnc:
https://salsa.debian.org/api/v4/projects/pkg-security-team%2Fvpnc
API request failed: 401 Unauthorized at
/srv/qa.debian.org/data/vcswatch/vcswatch line 408.
Consequently DDPO shows a 'warn' hint with almost all packages in its
VCS column [0] alongside a sometimes outdated version info (presumably
when the version changed after the access to salsa failed for the first
time). tracker.d.o displays a misleading 'VCS repository is not up to
date' message in the case of an outdated version info.
I assume that vcswatch uses an expired access token, as salsa is
displaying this banner message on its webpage [1] since some weeks now:
GitLab now enforces expiry dates on tokens that originally had no
set expiration date. Those tokens were given an expiration date of
one year later. Please review your personal access tokens, project
access tokens, and group access tokens to ensure you are aware of
upcoming expirations. Administrators of GitLab can find more
information on how to identify and mitigate interruption in our
documentation.
I also assume that this also causes the issue reported with bug
#1081157 [2].
Please check this urgently, as DDPO and tracker.d.o increasingly show
invalid information.
Best,
Sven
[0] e.g.
https://qa.debian.org/developer.php?email=team%2Bpkg-security%40tracker.debian.org
[1] https://salsa.debian.org/public
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081157
--
GPG Fingerprint
3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Dear Maintainer,
On Wed, 11 Sep 2024 21:02:05 +0200 Sven Geuer <s...@debian.org> wrote:
> vcswatch is failing to query salsa.d.o for several days by now.
Someone apparently fixed the issue. Since 2024-09-15 01:22:07+00 I see
successful runs of vcswatch.
Closing this bug therefore.
Cheers,
Sven
--
GPG Fingerprint
3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585
signature.asc
Description: This is a digitally signed message part
--- End Message ---
