Hi Gerardo, > Hello, > I just checked the Package Tracker page for galois > (https://tracker.debian.org/pkg/galois) and it shows a few entries in > the "action needed" box. May I please ask for your advice: Note: The things mentioned there are "good to have" fixes, and are not urgent in anyway >1. "Fails to build during reproducibility testing": I followed the > link but I am unable to see where it says that any build has failed. > The light blue box on the left actually says "reproducible at > 2021-03-25 22:48:00 UTC". I also looked at the buildinfo diff, that is > indeed quite long, but as far as I understand, at least some > differences are expected and result from intentionally changing some > build parameters, e.g., the directory where files are extracted. Can > you help me understand what the problem is (if there is indeed a > problem) and what I should do to solve it? Yeah, the unreproducible build report looks like a false positive. However, to confirm it, you could run reprotest[1] locally to check that it is indeed a false positive, or even better you could simply enable salsa CI and check the reprotest result. > 2. "AppStream hints: 1 warning" (there is no Metainfo file): Tracker > has been showing this for some time, I don't think it warrants > immediate action, but while I'm at it, let me ask about it too. I've > read the wiki page, I understand this is a "nice to have" feature but > I'm not sure to which extent it is recommended practice in Debian or > in the Games Team. Also, should it belong to the Debian packaging or > is it better to add it upstream (I'm also the upstream maintainer so I > can do both)? I _think_ if possible, it'd be best if you can do it upstream, since the page here[2] states: "write a MetaInfo file for this component and send it upstream." > 3. "Build log checks report 1 warning": this is about CPPFLAGS and > LDFLAGS not being set. Indeed, I don't think those are needed and I > guess I can simply ignore this. Please let me know if you disagree. Not really, it should _not_ be ignored. Sure, they are not essential, but they provide a hardening flags which is good to have. Propagating hardening flags in the build is mostly good, you might like checking out this tool blhc[3] to debug these things further. > 4. "Standards version of the package is outdated": I will of course > update it in the next release. ACK. >In any case we are now in deep freeze so unless any of these would > warrant an RC bug, they'll have to wait until after the Bullseye > release. Yes, as I mentioned none of these things is urgent. This package is good enough and is in healthy shape for bullseye [1]: https://wiki.debian.org/ReproducibleBuilds/Howto#Newer_method [2]: https://appstream.debian.org/sid/main/issues/galois.html [3]: https://tracker.debian.org/pkg/blhc Nilesh
Attachment:
signature.asc
Description: PGP signature