Re: Lintian based autorejects
Steve Langasek wrote:
> On Tue, Oct 27, 2009 at 03:06:07PM +0100, Joerg Jaspert wrote:
>> The second category is named "error" and the tags listed can not be
>> overridden. Those are tags corresponding to packaging errors serious
>> enough to mark a package unfit for the archive and should never happen.
>> In fact, most of the tags listed do not appear in our archive
>> currently, the few packages listed below should be easily fixable with
>> their next upload.
>> We will provide a static url for the list of tags soon, for now you can
>> look at them using .
>> There are multiple files in  showing you the packages affected,
>> together with the tags they hit.
>>  http://ftp-master.debian.org/~joerg/lintian/lintian.tags
>>  http://ftp-master.debian.org/~joerg/lintian/
> Since I'm not familiar with most of these lintian errors by name, I've run
> the list of fatal errors through lintian-info with the following script:
> $ wget -O - -q http://ftp-master.debian.org/~joerg/lintian/lintian.tags \
> | sed -e'1,/error:$/d; s/^[[:space:]]\+-/E: ftp-master:/' | lintian-info
> I'd recommend that others do likewise, to get an appropriately large set of
> eyeballs on this change.
> Some problems I find with this list:
> E: ftp-master: wrong-file-owner-uid-or-gid
> N: The user or group ID of the owner of the file is invalid. The owner
> N: user and group IDs must be in the set of globally allocated IDs,
> N: because other IDs are dynamically allocated and might be used for
> N: varying purposes on different systems, or are reserved. The set of the
> N: allowed, globally allocated IDs consists of the ranges 0-99,
> N: 64000-64999 and 65534.
Hmm, why is 100-999 not mentioned here or does this lintian check only
check files shipped by the package as opposed to created in the postinst?
> N: Refer to Debian Policy Manual section 9.2 (Users and groups) for
> N: details.
> N: Severity: serious, Certainty: certain
> Policy 9.2 does /not/ prohibit shipping files with owners outside these
> ranges; it prohibits relying on user or group IDs outside these ranges being
> static, but there doesn't appear to be anything in Policy that prohibits
> creating the user in the package preinst and then unpacking the package such
> that ownership is applied by /name/. (Unless I'm mistaken, this is
> precisely what dpkg does.)
If the check is only about files shipped by the package, I see no reason
how this objection can be anything more than theoretical.
If it's also about files created in the postinst: Steve: Can you give an
example of a dynamically allocated non system user needed by a package?
Dynamically allocated system users are covered in the range 100-999.
> E: ftp-master: copyright-lists-upstream-authors-with-dh_make-boilerplate
> This one has been mentioned previously in the thread. Yes, it's a blemish
> in the package to list "Upstream Author(s)", but the lintian maintainers
> have correctly marked this as being of "normal" severity. We should not be
> blocking packages from the archive for such low-severity issues; please drop
> this check.
It would indeed be good to have consensus first on the severity and
certainty of a lintian check before auto rejecting on it IMHO.