[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Lintian based autorejects

Steve Langasek wrote:
> On Tue, Oct 27, 2009 at 03:06:07PM +0100, Joerg Jaspert wrote:
>> The second category is named "error" and the tags listed can not be
>> overridden. Those are tags corresponding to packaging errors serious
>> enough to mark a package unfit for the archive and should never happen.
>> In fact, most of the tags listed do not appear in our archive
>> currently, the few packages listed below should be easily fixable with
>> their next upload.
>> We will provide a static url for the list of tags soon, for now you can
>> look at them using [1].
>> There are multiple files in [2] showing you the packages affected,
>> together with the tags they hit.
>> [1] http://ftp-master.debian.org/~joerg/lintian/lintian.tags
>> [2] http://ftp-master.debian.org/~joerg/lintian/
> Since I'm not familiar with most of these lintian errors by name, I've run
> the list of fatal errors through lintian-info with the following script:
> $ wget -O - -q http://ftp-master.debian.org/~joerg/lintian/lintian.tags \
> | sed -e'1,/error:$/d; s/^[[:space:]]\+-/E: ftp-master:/' | lintian-info
> I'd recommend that others do likewise, to get an appropriately large set of
> eyeballs on this change.
> Some problems I find with this list:
> E: ftp-master: wrong-file-owner-uid-or-gid
> N:
> N:   The user or group ID of the owner of the file is invalid. The owner
> N:   user and group IDs must be in the set of globally allocated IDs,
> N:   because other IDs are dynamically allocated and might be used for
> N:   varying purposes on different systems, or are reserved. The set of the
> N:   allowed, globally allocated IDs consists of the ranges 0-99,
> N:   64000-64999 and 65534.

Hmm, why is 100-999 not mentioned here or does this lintian check only
check files shipped by the package as opposed to created in the postinst?

> N:   Refer to Debian Policy Manual section 9.2 (Users and groups) for
> N:   details.
> N:   
> N:   Severity: serious, Certainty: certain
> N:
> Policy 9.2 does /not/ prohibit shipping files with owners outside these
> ranges; it prohibits relying on user or group IDs outside these ranges being
> static, but there doesn't appear to be anything in Policy that prohibits
> creating the user in the package preinst and then unpacking the package such
> that ownership is applied by /name/.  (Unless I'm mistaken, this is
> precisely what dpkg does.)

If the check is only about files shipped by the package, I see no reason
how this objection can be anything more than theoretical.

If it's also about files created in the postinst: Steve: Can you give an
example of a dynamically allocated non system user needed by a package?
Dynamically allocated system users are covered in the range 100-999.

> E: ftp-master: copyright-lists-upstream-authors-with-dh_make-boilerplate

> This one has been mentioned previously in the thread.  Yes, it's a blemish
> in the package to list "Upstream Author(s)", but the lintian maintainers
> have correctly marked this as being of "normal" severity.  We should not be
> blocking packages from the archive for such low-severity issues; please drop
> this check.

It would indeed be good to have consensus first on the severity and
certainty of a lintian check before auto rejecting on it IMHO.



Reply to: