Hi! I'm intending to package a new software for Debian [1]. I just completed most of the package work and have a lintian-error free package, but I still have a warning that is driving me crazy. I have read the output of lintian-info -t about hardening-no-fortify-functions, and it helps a lot. The software uses Cmake as build tool, and the "hardening-wrapper" solution solved some lintian warnings, but not the latest one. I have looked at the buld logs, and I can see that the CPPFLAGS "-D_FORTIFY_SOURCE=2" is included in all the compiler calls, but the warning is still present. What's the problem with this? My another question is about the version numbering: the software is still in development and they make a new minor version each week (approximately). Sometimes I need to package something that is in their repository but not still in a numbered version, so, I tried to use the latest known version and add a ~TIMESTAMPgit... to the minor version number, but debuild warns me about the version 0.1.0~2012......git-1 is less than 0.1.0. The latest thing is that I have seen several packages with ~TIMESTAMP (screen, by example): they add a alpha-numeric string after the "git" word... what does it mean? Where can I found some information about packaging directly from VCS? Best regard and thanks in advance -- José Luis Segura Lucas
Attachment:
signature.asc
Description: OpenPGP digital signature