devscripts - Debian Package Tracker

general

source: devscripts (main)
version: 2.26.9
maintainer: Devscripts Maintainers (DMD)
uploaders: Holger Levsen [DMD] – Benjamin Drung [DMD] – Mattia Rizzolo [DMD]
arch: all
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.21.3+deb11u1
oldstable: 2.23.4+deb12u2
old-bpo: 2.25.15~bpo12+1
stable: 2.25.15+deb13u1
stable-bpo: 2.26.7~bpo13+1
testing: 2.26.9
unstable: 2.26.9

versioned links

2.21.3+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.23.4+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.15~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.15+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.26.7~bpo13+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.26.9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

devscripts (536 bugs: 1, 213, 322, 0)

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-8454: It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

Created: 2025-07-14 Last update: 2026-05-27 02:00

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-8454: It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

Created: 2025-08-09 Last update: 2026-05-27 02:00

4 bugs tagged help in the BTS normal

The BTS contains 4 bugs tagged help, please consider helping the maintainer in dealing with them.

Created: 2025-08-23 Last update: 2026-06-16 07:30

40 bugs tagged patch in the BTS normal

The BTS contains patches fixing 40 bugs (42 if counting merged bugs), consider including or untagging them.

Created: 2026-06-02 Last update: 2026-06-16 07:30

Depends on packages which need a new maintainer normal

The packages that devscripts depends on which need a new maintainer are:

docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2019-11-22 Last update: 2026-06-16 07:00

25 open merge requests in Salsa normal

There are 25 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-09-17 Last update: 2026-06-09 14:02

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.26.10, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit cc38217f798dc21257816971dc96e828009a02b8
Author: Daniel Gröber <dxld@darkboxed.org>
Date:   Mon Dec 15 17:49:28 2025 +0100

    bts reply|context: Show a "reading from STDIN" message

commit f52c34fb4227ec793fe7611caf20b62425489864
Author: Daniel Gröber <dxld@darkboxed.org>
Date:   Wed Dec 24 17:50:14 2025 +0100

    bts: Fall back to STDIN when /dev/tty fails to open (Closes: #1123934)

commit 7ab7bcbd3a4a85f10e7a63c24c53afeda0f13871
Author: Daniel Gröber <dxld@darkboxed.org>
Date:   Mon Feb 2 15:46:31 2026 +0100

    bts: Fix Handling of multiple done commands (Closes: #1126347)

commit 190e9e73082b01d09e6743ee04cb47b1ecfef355
Author: Daniel Gröber <dxld@darkboxed.org>
Date:   Wed Dec 17 14:15:22 2025 +0100

    bts: Fix aerc quoting in $mailreader default

commit 81fd301b42c55b94e44375f6441fbd1300dc941d
Author: Daniel Gröber <dxld@darkboxed.org>
Date:   Wed Dec 17 00:44:58 2025 +0100

    bts: Make Data::Dumper debug output nicer
    
    Gbp-Dch: ignore

commit b13d0c68b3ad20ad2369f757742d6b718c2121cd
Author: Daniel Gröber <dxld@darkboxed.org>
Date:   Wed Dec 17 00:37:55 2025 +0100

    bts: Remove unused %ccsubmitters
    
    Since:
     - commit b9aa8b7d bts done: Use NNNNN-done@ instead of control
    
    Gbp-Dch: ignore

commit 9077039495bc99b0b13c44d7e35a7b86da8482f8
Author: Daniel Gröber <dxld@darkboxed.org>
Date:   Mon Dec 15 16:42:15 2025 +0100

    bts: Bail if STDIN is unexpecteldy a TTY inside MUA

commit f1935b16aa7a9afc43cdd6526ed0d6576d1477b5
Author: Daniel Gröber <dxld@darkboxed.org>
Date:   Mon Dec 15 16:53:21 2025 +0100

    bts: Fix --no-mutt being ineffective

commit 566ff3b6bb40b64c7a19b3c5a64899ae0e790029
Author: Daniel Gröber <dxld@darkboxed.org>
Date:   Thu Dec 11 12:21:29 2025 +0100

    bts.1: Make 'reply' and 'context' examples more obviously different
    
    Gbp-Dch: ignore

commit 80462836a3225b17f885231e6224afbaf2790610
Author: Daniel Gröber <dxld@darkboxed.org>
Date:   Mon Dec 15 16:27:49 2025 +0100

    bts show|status: Establish implicit 'context', not 'reply' (MUA)
    
    Allows retrieving full MBOX
    
        | bts show<ENTER>
    
    or showing BTS status
    
        | bts status<ENTER>

commit 75ff12d5cbc26f1b805a0007f7c4e9196a1f802d
Author: Daniel Gröber <dxld@darkboxed.org>
Date:   Mon Dec 15 15:55:48 2025 +0100

    bts reply: Remove "Re:" prefix from Subject
    
    IIRC there was an existing good (but long) regex for this somewhere. LMK,
    dear reader, if you find or remember it.

commit f7eaacf031162b0d0c69697dd11be891593e7057
Author: Daniel Gröber <dxld@darkboxed.org>
Date:   Mon Dec 15 15:54:54 2025 +0100

    bts: Fix 'severity' and 'forwarded' failing with omitted bug number

commit 92302932fb87e463f2234c9b84b2d8061d5000b3
Author: Daniel Gröber <dxld@darkboxed.org>
Date:   Thu Dec 11 17:49:49 2025 +0100

    bts: Add debug msg for MUA/mailreader command
    
    Gbp-Dch: ignore

commit 359511f18d3b2c1f6e9677fd3c7340ddd5808098
Author: Jochen Sprickerhof <jspricke@debian.org>
Date:   Mon May 18 13:33:26 2026 +0200

    Revert "Remove mmdebstrap from recommends again"
    
    As proposed by Holger.
    
    This reverts commit a642bf862d98b0120938456656b342278a9eaed7.

commit 7fcc75b7e77990446df4c369605dc206341f65ca
Author: Jochen Sprickerhof <jspricke@debian.org>
Date:   Sun May 17 16:37:29 2026 +0200

    Start 2.26.10 development.
    
    d/changelog entries will be written on release
    using the git commit messages.
    
    Use 'gbp dch --since v2.26.9 --multimaint-merge'
    to write d/changelog entries since that last release.
    
    Gbp-Dch: ignore

Created: 2026-01-08 Last update: 2026-06-09 14:02

lintian reports 6 warnings normal

Lintian reports 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-05-28 Last update: 2026-05-28 06:01

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-8454: (needs triaging) It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-08-09 Last update: 2026-05-27 02:00

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-8454: (needs triaging) It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-07-14 Last update: 2026-05-27 02:00

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2026-01-08 Last update: 2026-03-10 09:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.3).

Created: 2026-03-31 Last update: 2026-05-17 21:19

news

[rss feed]

[2026-05-27] devscripts 2.26.9 MIGRATED to testing (Debian testing watch)
[2026-05-17] Accepted devscripts 2.26.9 (source) into unstable (Jochen Sprickerhof)
[2026-05-13] Accepted devscripts 2.26.8 (source) into unstable (Holger Levsen)
[2026-04-03] Accepted devscripts 2.26.7~bpo13+1 (source) into stable-backports (Jochen Sprickerhof)
[2026-04-03] devscripts 2.26.7 MIGRATED to testing (Debian testing watch)
[2026-03-31] Accepted devscripts 2.26.7 (source) into unstable (Benjamin Drung)
[2026-03-12] Accepted devscripts 2.26.6~bpo13+1 (source) into stable-backports (Jochen Sprickerhof)
[2026-03-12] devscripts 2.26.6 MIGRATED to testing (Debian testing watch)
[2026-03-09] Accepted devscripts 2.26.6 (source) into unstable (Jochen Sprickerhof)
[2026-01-20] devscripts 2.26.5 MIGRATED to testing (Debian testing watch)
[2026-01-18] Accepted devscripts 2.26.5 (source) into unstable (Holger Levsen)
[2026-01-18] devscripts 2.26.4 MIGRATED to testing (Debian testing watch)
[2026-01-12] Accepted devscripts 2.26.4 (source) into unstable (Holger Levsen)
[2026-01-10] devscripts 2.26.3 MIGRATED to testing (Debian testing watch)
[2026-01-08] Accepted devscripts 2.26.3 (source) into unstable (Holger Levsen)
[2026-01-07] Accepted devscripts 2.26.2 (source) into unstable (Holger Levsen)
[2026-01-07] devscripts 2.26.1 MIGRATED to testing (Debian testing watch)
[2026-01-04] Accepted devscripts 2.26.1 (source) into unstable (Holger Levsen)
[2026-01-01] devscripts 2.25.33 MIGRATED to testing (Debian testing watch)
[2025-12-29] Accepted devscripts 2.25.33 (source) into unstable (Daniel Gröber)
[2025-12-22] Accepted devscripts 2.25.32 (source) into unstable (Daniel Gröber)
[2025-12-16] Accepted devscripts 2.25.31 (source) into unstable (Holger Levsen)
[2025-12-12] devscripts 2.25.30 MIGRATED to testing (Debian testing watch)
[2025-12-09] Accepted devscripts 2.25.30 (source) into unstable (Holger Levsen)
[2025-12-09] devscripts 2.25.29 MIGRATED to testing (Debian testing watch)
[2025-12-04] Accepted devscripts 2.25.29 (source) into unstable (Holger Levsen)
[2025-12-04] devscripts 2.25.28 MIGRATED to testing (Debian testing watch)
[2025-11-30] Accepted devscripts 2.25.28 (source) into unstable (Holger Levsen)
[2025-11-25] devscripts 2.25.27 MIGRATED to testing (Debian testing watch)
[2025-11-22] Accepted devscripts 2.25.27 (source) into unstable (Holger Levsen)

bugs [bug history graph]

all: 528 544
RC: 1
I&N: 209 215
M&W: 315 325
F&P: 3
patch: 40 42
help: 4
NC: 3

links

lintian (0, 6)
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker
l10n (88, -)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.26.7