
Bug#697164: [new check] check for source packages with symlinks pointing outside



Hi Paul,

Thanks for the bug report.

* Paul Wise <pabs@debian.org>, 2013-01-02, 09:50:
> dpkg-source is not able (#645157) to properly handle source packages with relative/absolute symlinks that point outside of the package. It would be good if lintian could detect this situation and give an error. lintian should check both the orig.tar and the debian.tar. Since Debian source packages need to be self-contained, this should be an autoreject that cannot be overridden. If you need an example package, there is one at the URLs below. I discovered it during my work on the Debian derivatives census.
>
> http://packages.bosslinux.in/boss/pool/savir/main/e/exe/exe_1.04.1.3602-boss1.dsc
> http://people.debian.org/~pabs/tmp/exe_1.04.1.3602-boss1.dsc

Lintian already checks if debian/ directory itself is a symlink pointing outside the source package:

$ lintian exe_1.04.1.3602-boss1.dsc
internal error: cannot resolve debian directory symlink in exe: No such file or directory at /usr/share/perl5/Lintian/Util.pm line 846.
warning: collect info debfiles about package exe failed
warning: skipping check of source package exe


As for banning all such symlinks, I'm not sure it's a good idea. I happen to maintain a package which contains one (lintian4python), and I think it's a valid use-case. Feel free to convince me otherwise, though. :)

--
Jakub Wilk
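
A sketch of the check requested in this thread, as an added example that is neither part of the message above nor lintian's code: it lists symlinks in a source tarball whose targets are absolute or resolve outside the unpacked source tree. The function names, the `root` parameter and the in-memory sample archive are assumptions made for illustration.

```python
import io
import posixpath
import tarfile


def build_sample_tar():
    """Constructed sample: symlink-only archive shaped like an orig.tar."""
    links = [
        ("pkg-1.0/docs/readme", "../README"),   # stays inside pkg-1.0/
        ("pkg-1.0/up", "../sibling"),           # leaves pkg-1.0/, not the tar
        ("pkg-1.0/data", "../../shared/data"),  # leaves the tar root as well
        ("pkg-1.0/conf", "/etc/pkg.conf"),      # absolute target
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, target in links:
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tar.addfile(info)
    return buf.getvalue()


def escaping_symlinks(tar_bytes, root=""):
    """Return sorted (link, target) pairs whose target lies outside `root`.
    `root` (assumed here) is the archive directory that becomes the source
    tree: the top-level directory of an orig.tar, "" for a debian.tar.
    Resolution is lexical; chains through other symlinks are not followed.
    """
    root = root.strip("/")
    found = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in filter(tarfile.TarInfo.issym, tar.getmembers()):
            target = member.linkname
            # A relative target is resolved from the directory holding the link.
            base = posixpath.dirname(posixpath.normpath(member.name))
            resolved = posixpath.normpath(posixpath.join(base, target))
            if root:
                inside = resolved == root or resolved.startswith(root + "/")
            else:
                inside = resolved != ".." and not resolved.startswith("../")
            if target.startswith("/") or not inside:
                found.append((member.name, target))
    return sorted(found)


if __name__ == "__main__":
    for link, target in escaping_symlinks(build_sample_tar(), root="pkg-1.0"):
        print(f"{link} -> {target}")
```

Whether such a finding should be a hard reject or an overridable tag is the policy question the message above leaves open; the sketch only reports the links.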

