[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Lintian severity levels

Martin-Éric Racine, le sam. 27 sept. 2025 12:01:58 +0300, a ecrit:
> la 27.9.2025 klo 11.48 Samuel Thibault (sthibault@debian.org) kirjoitti:
> > Martin-Éric Racine, le sam. 27 sept. 2025 09:41:58 +0300, a ecrit:
> > > IMHO, in order for Lintian's severity levels to be meaningful in
> > > determining a package's fitness for inclusion in the Debian
> > > repository, an Error ought to refer to a MUST[NOT] Policy item,
> >
> > I don't think lintian errors are supposed to match policy items.
> > While lintian fatal errors (used by ftpmaster to reject package) can,
> > indeed.
> 
> Which is precisely the problem. A tag with the severity level Error
> has consequences,

Which consequences are you thinking about? As mentioned above, the
archive rejections are not just based on the "error" level.

On my side, all I need from error and warning levels is a clear way to
fix them, and usually I have it.

> > This is clearly an error that we want to highlight, while not actually
> > being a problem for inclusion in debian, so won't be covered by the
> > policy.
> 
> Agreed. In fairness, in that particular case, the error is explained
> by a requirement due to Apache code change.

Yes, but I believe that's a common thing. I haven't looked at the
numbers, but I expect a lot of these to exist and to be useful.

> Here are two less obvious ones:
> 
> N:
> E: package-installs-apt-sources
> N:
> N:   Debian packages should not install files under
> /etc/apt/sources.list.d/ or install an /etc/apt/sources.list file.
> N:
> N:   The selection of installation sources is under the control of the
> local administrator. Packages are generally not allowed to change the
> administrator's choices.
> N:
> N:   As a limited exception for the convenience of administrators,
> packages whose names end in the clearly named -apt-source are
> permitted to install such files.
> N:
> N:   Please refer to the sources.list(5) manual page for details.
> N:
> N:   Visibility: error
> N:   Show-Always: no
> N:   Check: apt
> N:   Renamed from: package-install-apt-sources
> N:
> 
> This is a fairly common case for commercial non-free commercial
> packages and for local packages deployed across a whole company. The
> package includes a sources.list.d file to enable fetching updates, and
> it definitely won't pull in a separate company-apt-source package just
> to quiet down Lintian.

I don't understand the problem here. Why should there be a separate
package to quiet down Lintian? I mean, if a private package is used to
deploy an apt source, it can both ship its /etc/apt/sources.list.d/ file
and add a lintian suppression, where is the problem?

> N:
> E: package-installs-apt-preferences
> N:
> N:   Debian packages should not install files under
> /etc/apt/preferences.d/ or install an /etc/apt/preferences file. This
> directory is under the control of the local administrator.
> N:
> N:   Package should not override local administrator choices.
> N:
> N:   Please refer to the apt_preferences(5) manual page for details.
> N:
> N:   Visibility: error
> N:   Show-Always: no
> N:   Check: apt
> N:   Renamed from: package-install-apt-preferences
> N:
> 
> There is an obvious need to prefer customized versions over Debian
> versions for packages deployed across a whole company.

Same here.

Samuel
Reply to: