Re: lintian: does not warn about .class binaries

To: 873211@bugs.debian.org
Cc: Carnë Draug <carandraug+dev@gmail.com>, Chris Lamb <lamby@debian.org>, Debian Java <debian-java@lists.debian.org>
Subject: Re: lintian: does not warn about .class binaries
From: Emmanuel Bourg <ebourg@apache.org>
Date: Mon, 25 Sep 2017 22:08:24 +0200
Message-id: <[🔎] 0239adfe-b414-b0d6-3755-302edb1319bc@apache.org>
In-reply-to: <150367357548.16790.4111915450521614280.reportbug@mprocessor2.bioch.ox.ac.uk>
References: <150367357548.16790.4111915450521614280.reportbug@mprocessor2.bioch.ox.ac.uk>

On Wed, 20 Sep 2017 17:34:47 +0000 Chris Lamb <lamby@debian.org> wrote:
>  lintian (2.5.53) unstable; urgency=medium
>  .
>    * Summary of tag changes:
>      + Added:
>        - package-installs-java-bytecode

Hi,

Thanks for improving the Java support in Lintian, I'd suggest CCing
these topics to debian-java@lists.debian.org to gather more feedback on
the proposed changes.

I got a look at the packages affected by the new
package-installs-java-bytecode tag [1], they mostly consist in
demos/examples, webapp classes or one-class programs not meant to be
re-used as libraries. For these cases installing .class files directly
in the binary package is legitimate I think. jar files are really
important for reusable libraries and large applications (since jar files
are more space efficient), but there is no harm shipping a few isolated
.class files. The Java Policy probably needs a clarification on this point.

As I understand Carnë was concerned about .class files in the upstream
tarballs not recompiled from source and installed as-is in the binary
packages. I was under the impression this case was already covered by
source-contains-prebuilt-java-object but it isn't. I agree it would be
nice to handle this.

So I suggest the following:
- modify source-contains-prebuilt-java-object to also detect .class files
- lower the severity of package-installs-java-bytecode to pendatic or info
- trigger package-installs-java-bytecode in non-library packages only
when the number of classes detected in the package exceeds 20.
- do not trigger package-installs-java-bytecode if the path contains
"WEB-INF", "demo", "doc", "example", "sample" or "test".
- strictly speaking a class file isn't raw bytecode instructions, so
maybe rename the tag to "package-installs-java-class-files".
- verify if the .class files are really Java class files (by checking
the 0xCAFEBABE header, this will avoid false positives like
apertium-eo-fr and grass-core).

Emmanuel Bourg

[1] https://lintian.debian.org/tags/package-installs-java-bytecode.html

Reply to:

Follow-Ups:
- Re: lintian: does not warn about .class binaries
  - From: Markus Koschany <apo@debian.org>
- Re: lintian: does not warn about .class binaries
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: freehep-graphics2d FTBFSs probably because of new maven libraries
Next by Date: Re: freehep-graphics2d FTBFSs probably because of new maven libraries
Previous by thread: Re: freehep-graphics2d FTBFSs probably because of new maven libraries
Next by thread: Re: lintian: does not warn about .class binaries
Index(es):
- Date
- Thread