Bug#711193: Mark hardening-wrapper/includes as deprecated build-depends

To: 711193@bugs.debian.org
Subject: Bug#711193: Mark hardening-wrapper/includes as deprecated build-depends
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Wed, 5 Jun 2013 18:53:36 +0200
Message-id: <[🔎] 6a6ff8d3683b5da3fb1d64ad0151a9ba.squirrel@aphrodite.kinkhorst.nl>
Reply-to: "Thijs Kinkhorst" <thijs@debian.org>, 711193@bugs.debian.org
In-reply-to: <[🔎] 87ip1sr0bc.fsf@windlord.stanford.edu>
References: <[🔎] 20130605103026.18291.72269.reportbug@incagijs.uvt.nl> <[🔎] 87ip1sr0bc.fsf@windlord.stanford.edu>

On Wed, June 5, 2013 18:26, Russ Allbery wrote:
> Thijs Kinkhorst <thijs@debian.org> writes:
>
>> Packages should not Build-Depend on either of these packages and their
>> functionality, but rather use the superior dpkg buildflags solution.
>> Attached patch accomplishes that packagers are warned when they
>> build-depend on one of these packages.
>
> Well, given that I have a package that Build-Depends on hardening-wrapper,
> I should probably reply here.  :)
>
> dpkg-buildflags is all fine and good if the upstream source lets you
> override compiler flags easily.  If, however, it doesn't,
> hardening-wrapper is much easier to deal with than trying to patch all the
> places in the upstream source where the compiler flags have to be changed
> and then updating that patch for various versions of upstream source.  In
> the case of openafs, this is a known bug that upstream is working on
> (slowly) by untangling the flags used to build the kernel module (which on
> platforms other than Linux cannot be user-tunable) and the flags used to
> build userspace, so doing the work to hack in Debian's flags in the
> meantime seems like a lot of wasted effort.
>
> What problem are you hoping to solve with this Lintian tag?

Hardening-wrapper/includes have existed as the solution for build
hardening before dpkg buildflags was introduced. Therefore, quite a lot of
packages adopted hardening-wrapper/includes and put them into their
Build-Depends. Now that dpkg buildflags is the agreed-upon superior
solution, it is better if they move to this solution if possible. The tag
would alert them of this fact, as would it signal new packages adding this
method (e.g. by copying it from another package).

There are still valid use cases, but as you say even there it's probably a
(known) bug in the build system that precludes the use of dpkg buildflags.
The packages themselves aren't going anywhere, it's just that there's a
large quantity of use that's most likely inertia. The valid use cases
could perhaps add an override?

Cheers,
Thijs

Reply to:

Follow-Ups:
- Bug#711193: Mark hardening-wrapper/includes as deprecated build-depends
  - From: Russ Allbery <rra@debian.org>

References:
- Bug#711193: Mark hardening-wrapper/includes as deprecated build-depends
  - From: Thijs Kinkhorst <thijs@debian.org>
- Bug#711193: Mark hardening-wrapper/includes as deprecated build-depends
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Bug#711207: spelling-error-in-binary is overly eager: teH/the
Next by Date: Bug#711193: Mark hardening-wrapper/includes as deprecated build-depends
Previous by thread: Bug#711193: Mark hardening-wrapper/includes as deprecated build-depends
Next by thread: Bug#711193: Mark hardening-wrapper/includes as deprecated build-depends
Index(es):
- Date
- Thread