[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Allegro 5 review (Was: can somebody package libalfont ?)


On Sat, 2012-07-07 at 01:57:32 +0200, Tobias Hansen wrote:
> Am 04.07.2012 00:59, schrieb Paul Wise:
> > lots of warnings from dpkg-shlibdeps.
> Building with -Wl,--as-needed flag now.

Please take into account this is (most of the time) just working around
the real problems in the build system. The correct fix is to track
down why and where the unneeded libraries are being linked from. It
could be that some of the dependencies wrongly leak libraries from a
foo-config script, .la or .pc filess, the package build system is
unneedingly linking against transitive dependencies, etc. The only
case where --as-needed *might* be appropriate (after all the previous
has been fixed) is with libraries that leak their transitive
dependencies “by design”, like it's the case with gtk+ and friends.

> > lintian warnings:
> >
> > W: liballegro-image5.0: hardening-no-fortify-functions
> > usr/lib/x86_64-linux-gnu/liballegro_image.so.5.0.6
> > W: liballegro5.0: hardening-no-fortify-functions
> > usr/lib/x86_64-linux-gnu/liballegro.so.5.0.6
> > W: liballegro5.0: hardening-no-fortify-functions
> > usr/lib/x86_64-linux-gnu/liballegro_color.so.5.0.6
> > W: liballegro-ttf5.0: hardening-no-fortify-functions
> > usr/lib/x86_64-linux-gnu/liballegro_ttf.so.5.0.6
> > W: liballegro-acodec5.0: hardening-no-fortify-functions
> > usr/lib/x86_64-linux-gnu/liballegro_acodec.so.5.0.6
> That are false positives as in #673112. I added lintian overrides.

I'd think that if lintian is producing tons of false-positives then
that should be fixed there, and not just overridden on every and each


Reply to: