Lintian profiles (was Re: Lintian severity levels)

To: Martin-Éric Racine <martin-eric.racine@iki.fi>
Cc: debian-devel@lists.debian.org, Samuel Thibault <sthibault@debian.org>
Subject: Lintian profiles (was Re: Lintian severity levels)
From: Guillem Jover <guillem@debian.org>
Date: Sat, 27 Sep 2025 16:13:26 +0200
Message-id: <[🔎] aNfxBv-WqDTyrI4o@thunder.hadrons.org>
Mail-followup-to: Martin-Éric Racine <martin-eric.racine@iki.fi>, debian-devel@lists.debian.org, Samuel Thibault <sthibault@debian.org>
In-reply-to: <[🔎] CAPZXPQdWnjCc_GOxvQmXwPo4RA5E10RXUS=8nLYN7CeJR2kk3A@mail.gmail.com>
References: <[🔎] CAPZXPQfGgAOUa4aEwjFMv-Q6GA2XjoROCjcEh1eo-cgMeqPGNg@mail.gmail.com> <[🔎] aNek7A82k4fMRukY@begin> <[🔎] CAPZXPQdWnjCc_GOxvQmXwPo4RA5E10RXUS=8nLYN7CeJR2kk3A@mail.gmail.com>

Hi!

On Sat, 2025-09-27 at 12:01:58 +0300, Martin-Éric Racine wrote:
> la 27.9.2025 klo 11.48 Samuel Thibault (sthibault@debian.org) kirjoitti:
> > Martin-Éric Racine, le sam. 27 sept. 2025 09:41:58 +0300, a ecrit:
> > > IMHO, in order for Lintian's severity levels to be meaningful in
> > > determining a package's fitness for inclusion in the Debian
> > > repository, an Error ought to refer to a MUST[NOT] Policy item,
> >
> > I don't think lintian errors are supposed to match policy items.
> > While lintian fatal errors (used by ftpmaster to reject package) can,
> > indeed.

Agreed. As also mentioned elsethread not every wrong behavior is or
should be encoded in the Debian Policy. And, even then the behavior in
the Debian Policy is going to be official Debian distribution policy,
so it might well not make sense or should not be taken as is for local
or for a vendor policy.

> Which is precisely the problem. A tag with the severity level Error
> has consequences, so Lintian should use that severity level sparingly.

An error should be emitted whenever necessary, either because it is a
cause for a bug, or contravenes maintainer/package/distribution designs
or expected usage (the apt settings below for example), or for something
that really needs to be changed (to adapt to code, package/archive
changes), etc.

> Here are two less obvious ones:
> 
> N:
> E: package-installs-apt-sources
> N:
> N:   Debian packages should not install files under
> /etc/apt/sources.list.d/ or install an /etc/apt/sources.list file.

> This is a fairly common case for commercial non-free commercial
> packages and for local packages deployed across a whole company. The
> package includes a sources.list.d file to enable fetching updates, and
> it definitely won't pull in a separate company-apt-source package just
> to quiet down Lintian.

The default lintian profile targets Debian. If you are using lintian
in some other context, then you should either use overrides, or be
creating a lintian profile for your needs.

AFAIR this is tied to the (dpkg) vendor (?) so you might be able to
specify an explicit Vendor field for those packages, so that lintian can
use that to select a different profile (if that does not work then I
think it would be worth fixing/implementing that).

See the Lintian Reference Manual for the format of those profiles. As
an example you can see /usr/share/lintian/profiles/dpkg/main.profile
as a pseudo-profile to select upstream expected dpkg (vs Debian)
behavior.

Thanks,
Guillem

Reply to:

References:
- Lintian severity levels
  - From: Martin-Éric Racine <martin-eric.racine@iki.fi>
- Re: Lintian severity levels
  - From: Samuel Thibault <sthibault@debian.org>
- Re: Lintian severity levels
  - From: Martin-Éric Racine <martin-eric.racine@iki.fi>

Prev by Date: Re: Lintian severity levels
Next by Date: Re: Lintian severity levels
Previous by thread: Re: Lintian severity levels
Next by thread: Re: Lintian severity levels
Index(es):
- Date
- Thread