Re: Bug#837938: move the hardening-check script from hardening-includes to devscripts

To: 837938@bugs.debian.org
Cc: Paul Wise <pabs@debian.org>, lintian-maint@debian.org
Subject: Re: Bug#837938: move the hardening-check script from hardening-includes to devscripts
From: Jakub Wilk <jwilk@debian.org>
Date: Sat, 1 Oct 2016 19:15:51 +0200
Message-id: <[🔎] 20161001171551.v5h4j43ksa2ghfpr@jwilk.net>
In-reply-to: <1475210662.15107.27.camel@debian.org>
References: <5ec87347-29c5-777f-dea7-5439cd70e78e@debian.org> <20160918105330.waoiv5qry3acre74@freya.jamessan.com> <1475210326.15107.25.camel@debian.org> <1475210662.15107.27.camel@debian.org>

* Paul Wise <pabs@debian.org>, 2016-09-30, 12:44:

check-all-the-things runs hardening-check and maintainers might want to runit manually, any thoughts about moving it to devscripts anyway?


hardening-check is also packaged for other distros:
https://admin.fedoraproject.org/pkgdb/package/rpms/hardening-check/
https://aur.archlinux.org/packages/hardening-check/
https://packages.gentoo.org/packages/app-admin/hardening-check

It would be a shame if it disappeared.

Reading through #836162 it seems like lintian is a better place forhardening-check than devscripts. I wonder if the lintian maintainers are opento that,


IMO devscripts or a separate package would be a better place.

which would allow keeping the stackprotector tag.

The stackprotector check in hardening-check is very simple. It would be easy toimplement it directly in Lintian. But this check is so unreliable, it's notworth the trouble.


--
Jakub Wilk

Reply to:

Prev by Date: [lintian] branch master updated (b46abac -> f82d704)
Next by Date: [lintian] 01/01: checks/shared-libs: Fix typos
Previous by thread: [lintian] 01/01: Check scripts using init-functions without lsb-base Depends
Next by thread: [lintian] branch master updated (f82d704 -> 5031f54)
Index(es):
- Date
- Thread