[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: galois: action needed (or not?), please advise

Hi Gerardo,

> Hello,
> I just checked the Package Tracker page for galois
> (https://tracker.debian.org/pkg/galois) and it shows a few entries in
> the "action needed" box. May I please ask for your advice:

Note: The things mentioned there are "good to have" fixes, and are not urgent in anyway

>1. "Fails to build during reproducibility testing": I followed the
> link but I am unable to see where it says that any build has failed.
> The light blue box on the left actually says "reproducible at
> 2021-03-25 22:48:00 UTC". I also looked at the buildinfo diff, that is
> indeed quite long, but as far as I understand, at least some
> differences are expected and result from intentionally changing some
> build parameters, e.g., the directory where files are extracted. Can
> you help me understand what the problem is (if there is indeed a
> problem) and what I should do to solve it?

Yeah, the unreproducible build report looks like a false positive.
However, to confirm it, you could run reprotest[1] locally to check that it
is indeed a false positive,
or even better you could simply enable salsa CI and check the reprotest

> 2. "AppStream hints: 1 warning" (there is no Metainfo file): Tracker
> has been showing this for some time, I don't think it warrants
> immediate action, but while I'm at it, let me ask about it too. I've
> read the wiki page, I understand this is a "nice to have" feature but
> I'm not sure to which extent it is recommended practice in Debian or
> in the Games Team. Also, should it belong to the Debian packaging or
> is it better to add it upstream (I'm also the upstream maintainer so I
> can do both)?

I _think_ if possible, it'd be best if you can do it upstream, since the page here[2] states:
"write a MetaInfo file for this component and send it upstream."

> 3. "Build log checks report 1 warning": this is about CPPFLAGS and
> LDFLAGS not being set. Indeed, I don't think those are needed and I
> guess I can simply ignore this. Please let me know if you disagree.

Not really, it should _not_ be ignored. Sure, they are not essential, but they provide a hardening
flags which is good to have. Propagating hardening flags in the build is
mostly good, you might like checking out this tool blhc[3] to debug
these things further.

> 4. "Standards version of the package is outdated": I will of course
> update it in the next release.


>In any case we are now in deep freeze so unless any of these would
> warrant an RC bug, they'll have to wait until after the Bullseye
> release.

Yes, as I mentioned none of these things is urgent. This package is good
enough and is in healthy shape for bullseye

[1]: https://wiki.debian.org/ReproducibleBuilds/Howto#Newer_method
[2]: https://appstream.debian.org/sid/main/issues/galois.html
[3]: https://tracker.debian.org/pkg/blhc


Attachment: signature.asc
Description: PGP signature

Reply to: