[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Lintian severity levels

la 27.9.2025 klo 11.48 Samuel Thibault (sthibault@debian.org) kirjoitti:
> Martin-Éric Racine, le sam. 27 sept. 2025 09:41:58 +0300, a ecrit:
> > IMHO, in order for Lintian's severity levels to be meaningful in
> > determining a package's fitness for inclusion in the Debian
> > repository, an Error ought to refer to a MUST[NOT] Policy item,
>
> I don't think lintian errors are supposed to match policy items.
> While lintian fatal errors (used by ftpmaster to reject package) can,
> indeed.

Which is precisely the problem. A tag with the severity level Error
has consequences, so Lintian should use that severity level sparingly.

> I mean, I don't think we'll try to encode in the policy all pieces that
> we know are errors that will hit us somehow and we want to highlight to
> maintainers. Just taking the first tag I see coming:
>
> Just taking the first example I can find in the tags:
>
> Tag: apache2-configuration-files-need-conf-suffix
> Severity: error
> Check: apache2
> Explanation: The package is installing an Apache2 configuration but that file does not
>  end with a '<code>.conf</code>' suffix. Starting with Apache2 2.4 all configuration
>  files except module '<code>.load</code>' files need that suffix or are ignored otherwise.
>
> This is clearly an error that we want to highlight, while not actually
> being a problem for inclusion in debian, so won't be covered by the
> policy.

Agreed. In fairness, in that particular case, the error is explained
by a requirement due to Apache code change.

Here are two less obvious ones:

N:
E: package-installs-apt-sources
N:
N:   Debian packages should not install files under
/etc/apt/sources.list.d/ or install an /etc/apt/sources.list file.
N:
N:   The selection of installation sources is under the control of the
local administrator. Packages are generally not allowed to change the
administrator's choices.
N:
N:   As a limited exception for the convenience of administrators,
packages whose names end in the clearly named -apt-source are
permitted to install such files.
N:
N:   Please refer to the sources.list(5) manual page for details.
N:
N:   Visibility: error
N:   Show-Always: no
N:   Check: apt
N:   Renamed from: package-install-apt-sources
N:

This is a fairly common case for commercial non-free commercial
packages and for local packages deployed across a whole company. The
package includes a sources.list.d file to enable fetching updates, and
it definitely won't pull in a separate company-apt-source package just
to quiet down Lintian.

N:
E: package-installs-apt-preferences
N:
N:   Debian packages should not install files under
/etc/apt/preferences.d/ or install an /etc/apt/preferences file. This
directory is under the control of the local administrator.
N:
N:   Package should not override local administrator choices.
N:
N:   Please refer to the apt_preferences(5) manual page for details.
N:
N:   Visibility: error
N:   Show-Always: no
N:   Check: apt
N:   Renamed from: package-install-apt-preferences
N:

There is an obvious need to prefer customized versions over Debian
versions for packages deployed across a whole company.

Martin-Éric
Reply to: