[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#620829: [new checks] implements parts of the java policy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2011-04-09 17:19, Vincent Fourmond wrote:
> 
>   Hello Niels !
> 
> [...]
>> I see you have tested some of your tags[1]; I am curious about your
>> findings, you say that 30% of the javalibs you have tests triggers the
>> tags.  Have you any ideas if any of those are false-positives?
> 
>   I'm afraid that in this specific case, chances of false positives are
> unlikely. If a java package depends on a lib...-java, it means that some
> of its code depend on one of the jars in this lib...-java. So it must
> have an appropriate classpath entry. It is a warning as of now, but I'm
> pretty sure they are all java policy violations, we may have to raise it
> into an error. The only possibility I see for false positives is if a
> package depends on the data contained in a lib...-java package, but not
> on the code. I don't think it applies to a significant fraction of these
> 30%...
> 
>   Cheers,
> 
> 	Vincent
> 

Hi Vincent

I have applied your patches (with modification).  I believe the most
important change is that I removed
  classpath-contains-files-not-in-usr-share.  The reason was that it
would have false-positives if a private jar had a classpath on another
private jar.  I /think/ it should cover most cases if it also allowed
dirof(jar) == dirof(jar_in_cp), but I could not really wrap my head
around it.

I also think we might need to extend the logic of the relative classpath
to handle /usr/share/pkg/A.jar having classpath ../java/lib.jar, which I
would think is a rather valid cp as well.  Though I think we lack a
general purpose Lintian function to normalize relative paths at the moment.

Feel free to (re-)add these changes in some patches based of the master
branch and I will have a second look.  I will make an unofficial version
of Lintian and try to trick people it to providing some feedback on
these changes.

~Niels

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJNqDOUAAoJEAVLu599gGRCZGwP/jwwm3SjWu0zhdxAR8GAESnm
Hft+voziG0x71Hy/F96sF/0lA1576gomPdz54ZzAWHsBYp3lUfBTlCEt4MVcaNso
Bsu3df2O9oxh1WposApUfpU8oSsFVCoVUq6z4CJkoVpmghZdfTbr9RDrmYFn7fNv
8ILXy32mcOvtho/i/5+p7C77RSe41Pc6vjQ77N/02HBIkrUbH1EyASsMODI3HcHI
teQpCs9koPenB8+8nziJLhKPz7LFWkGrjYCJpSNXgM7d01WvXpwwfZU2eg8b184U
aBBn2HWKQafDkLj+eii4LbU8vgRpu1w7H6UaF0ZbVU9TBotnvJdbaUqnKHd98nxr
aRUEKbmtMqEoK98BxF5BCCMOc6pAIdnow7d2+gLGNonZdc+Vwgc/G520mUSjfCME
zcXgceaJb3nnyey7l3rylE4+0b38jSI5hDptbJEYUQwwIZZ+74sKtXbPkYMSWdmx
RYknsghWtYGQEVSOP3ZPo6CX3KPWVA0vUQL61o2BkCc+AGnSsR5iWC/4D0CLU2m6
V/XXMkFcwZ4fXgDL8u3O70UP3ttRxxIqcw2GQzIPgxaQSJQWzXoPW7QlmNtnZV3/
0WscJXeI757OpMoapRiSFLMplZ9WAxA/uhFro5imAAQ6G3jLro/E2h+bAP0JkPSp
gYVJW3qPw4X8oWTv1vR4
=6LnU
-----END PGP SIGNATURE-----
Reply to: