[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Lintian warning: hardening-no-fortify-functions & version numbering


I'm intending to package a new software for Debian [1]. I just completed
most of the package work and have a lintian-error free package, but I
still have a warning that is driving me crazy.

I have read the output of lintian-info -t about
hardening-no-fortify-functions, and it helps a lot. The software uses
Cmake as build tool, and the "hardening-wrapper" solution solved some
lintian warnings, but not the latest one.

I have looked at the buld logs, and I can see that the CPPFLAGS
"-D_FORTIFY_SOURCE=2" is included in all the compiler calls, but the
warning is still present.

What's the problem with this?

My another question is about the version numbering: the software is
still in development and they make a new minor version each week
(approximately). Sometimes I need to package something that is in their
repository but not still in a numbered version, so, I tried to use the
latest known version and add a ~TIMESTAMPgit... to the minor version
number, but debuild warns me about the version 0.1.0~2012......git-1 is
less than 0.1.0.

The latest thing is that I have seen several packages with ~TIMESTAMP
(screen, by example): they add a alpha-numeric string after the "git"
word... what does it mean? Where can I found some information about
packaging directly from VCS?

Best regard and thanks in advance

José Luis Segura Lucas

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: