[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#849515: marked as done (Add debian-watch-uses-insecure-uri tag (HTTP usage instead of HTTPS))

Your message dated Thu, 12 Oct 2017 16:48:47 +0000
with message-id <E1e2gf9-0003EN-13@fasolo.debian.org>
and subject line Bug#849515: fixed in lintian 2.5.55
has caused the Debian Bug report #849515,
regarding Add debian-watch-uses-insecure-uri tag (HTTP usage instead of HTTPS)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
849515: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849515
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Subject: lintian: Add debian-watch-uses-insecure-uri tag (HTTP usage instead of HTTPS)
Package: lintian
Severity: wishlist

Dear Maintainer,

Add debian-watch-uses-insecure-uri tag (HTTP usage instead of HTTPS)

/debian/watch file can point to HTTP urls while HTTPS available, for example:
(from: https://sources.debian.net/src/texinfo/6.3.0.dfsg.1-1/debian/watch/?hl=3#L3)

	opts=dversionmangle=s/\.dfsg\.\d+$// http://ftp.gnu.org/gnu/texinfo/texinfo-(.*)\.tar\.gz
	
while https://ftp.gnu.org/ is available.

list of affected packages: '13406 files grepped (14424 results)'
https://codesearch.debian.net/search?q=http%3A%2F%2F+path%3Adebian%2Fwatch
list of not affected packages: '9638 files grepped (9904 results)'
https://codesearch.debian.net/search?q=https%3A%2F%2F+path%3Adebian%2Fwatch

--- End Message ---
--- Begin Message --- 
Source: lintian
Source-Version: 2.5.55

We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 849515@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <lamby@debian.org> (supplier of updated lintian package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 12 Oct 2017 11:50:41 -0400
Source: lintian
Binary: lintian
Architecture: source
Version: 2.5.55
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 lintian    - Debian package checker
Closes: 701477 849515 870704 870898 875636 875964 877142 877147 877292 877421 877439 877511 877766 877905 877999 878184
Changes:
 lintian (2.5.55) unstable; urgency=medium
 .
   * Summary of tag changes:
     + Added:
       - debian-watch-uses-insecure-uri
       - django-package-does-not-depend-on-django
       - example-script-uses-deprecated-nodejs-location
       - priority-extra-is-replaced-by-priority-optional
       - python-module-has-overly-generic-name
       - systemd-service-file-wraps-init-script
     + Removed:
       - copyright-year-in-future
 .
   * checks/copyright-file.pm:
     + [CL] Drop copyright-year-in-future after all; it's just too error
       prone and time-consuming to maintain given the severity of the issues
       it can find.  (Closes: #877766)
   * checks/cruft.pm:
     + [CL] Exempt debian/copyright from license-problem-non-free-RFC tag
       to avoid false-positives on meta-references.  (Closes: #877999)
   * checks/debhelper.pm:
     + [AB] Also recognize dh-exec's "=>" arrow if surrounded by tabs.
       (Closes: #877905)
   * checks/fields.{desc,pm}:
     + [NT] Add an info tag for packages that use "Priority: extra".  Thanks
       to Mattia Rizzolo for the suggestion.  (Closes: #870898)
   * checks/files.pm:
     + [CL] Ignore privacy breach violations in comments.  (Closes: #877421)
     + [CL] Check for Python modules with overly generic names such as
       "tests" or "test".  (Closes: #875964)
   * checks/{files,manpages,menu-format}.{desc,pm}:
     + [NT] Stop considering usr/man, usr/X11R6/bin and usr/X11R6/man as
       manpage directories / PATH directories to simplify some code paths.
       Nothing ships manpages in these directories and lintian emits tags
       to strongly discourage people from doing so.
   * checks/init.d.pm:
     + [CL] Avoid warning for init.d-script-not-marked-as-conffile when
       the init.d script does not exist; we will already be alerted via
       the init.d-script-not-included-in-package error.
   * checks/python.pm:
     + [CL] Move to "Type: source, binary" check type.
     + [CL] Also match packages named "python2-*" as relating to Python 2.x.
     + [CL] Warn about Django libraries that do not depend on Django itself.
       (Closes: #877292)
     + [CL] Do not emit python-foo-but-no-python3-foo for -common packages.
   * checks/scripts.desc:
     + [CL] Add missing example-script-uses-deprecated-nodejs-location tag.
       (Closes: #877142)
     + [NT] Apply patch from Mattia Rizzolo to improve the tag description
       for script-uses-deprecated-nodejs-location.
     + [CL] Actually check for a dependency on sensible-utils before
       emitting script-needs-depends-on-sensible-utils.  Thanks to Daniel
       Reichelt for the detailed bug report.  (Closes: #877439)
   * checks/standards-version.desc:
     + [CL] Correct invalid link to upgrading-checklist. Thanks to Dann
       Frazier for the report.  (Closes: #878184)
   * checks/systemd.{desc,pm}:
     + [CL] Warn if native systemd service files only wrap existing SysV/LSB
       init scripts.  (Closes: #870704)
   * checks/watch-file.{pm,desc}:
     + [CL] Warn for debian/watch files using insecure URIs such as HTTP or
       FTP, similar to vcs-field-uses-insecure-uri.  (Closes: #849515)
 .
   * data/{common => fields}/priorities:
     + [NT] Rename file.
   * data/fields/essential:
     + [MR] Remove 'mount' from the essential packages.  Starting with
       util-linux version 2.29.2-3 the Essential flag has been removed.
       (Closes: #877511)
   * data/fields/priorities:
     + [NT] Remove "extra".
   * data/files/privacy-breaker-websites:
     + [CL] Replace (eg.) "You may use libjs-prototype package" with "You
       may use the libjs-prototype package".
 .
   * commands/lintian.pm:
     + [NT] Simplify handling of uncaught exceptions.
 .
   * doc/lintian.xml:
     + [NT] Document that the XDG_DATA_HOME directory can be used for
       user profiles and data files.  This has been supported for quite
       a while but the documentation incorrectly listed "$HOME/.lintian"
       instead (which in fact did not work for this purpose).
       (Closes: #701477)
 .
   * frontend/dplint:
     + [NT] Restore "$HOME/.lintian" as a directory that is used for
       user profiles and data files.  It was advertised as such in the
       documentation but the code actually only used the XDG_DATA_HOME
       path.  Thanks to Daniel Kauffman for the report.  (Closes: #875636)
     + [NT] Correct the order of restricted search paths (user directories
       and /etc/lintian).  It incorrectly used /etc/lintian before the
       user directory.
 .
   * lib/Lintian/Util.pm:
     + [NT] Rename the "fail" subroutine to "internal_error" to better
       reflect its purpose.
 .
   * t/tests/binaries-from-other-arch:
     + [NT] Make test architecture specific as it fails on certain
       architectures.  (Closes: #877147)
   * t/tests/python-new-python2-package/*:
     + [CL] Correct Depends of python2.7 → python3 in Python 3 test
       package.
   * t/tests/python-python2-no-python3-unrel/debian/debian/control.in:
     + [CL] Add test for ignoring python-foo-doc packages.
     + [CL] Correct short descriptions of binary packages.
Checksums-Sha1:
 3d14d1db508531f9e1e54b73be975b1126cde02d 2898 lintian_2.5.55.dsc
 008f0b85196ce001de504417b36a8293e0cb48ab 1240308 lintian_2.5.55.tar.xz
 14856ec702077b80a6712a2e526fcfee97630c99 16189 lintian_2.5.55_amd64.buildinfo
Checksums-Sha256:
 a3a9531ef414ebdcc9b8678a3ff4df53b68083e834ff0fd1c8d273f27a3ada8f 2898 lintian_2.5.55.dsc
 9b4fa600d4ba4bbf215d45a6154fdbc421506b635ead4fd824509a292c64d2bf 1240308 lintian_2.5.55.tar.xz
 9ae3ef7c12f43ac688cd9cb307ffe07c7a47629f14ed81f830dbbcc1a7b263d7 16189 lintian_2.5.55_amd64.buildinfo
Files:
 5c8f49574487e569cb448b6782ab6b5f 2898 devel optional lintian_2.5.55.dsc
 c16a99d3114d272d5453fb0fbb8d7e38 1240308 devel optional lintian_2.5.55.tar.xz
 c843072046812f34d84533b75236674e 16189 devel optional lintian_2.5.55_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlnfmSUACgkQHpU+J9Qx
HlgJIBAAj0HuO0jOJuRfIz2aGrPEMTxGUymKuU4ceTNwGrQDmbcoml9ttNm38eAj
udHQ7DD7RFYWsiEyIGYCEp95Jrw4Dz0ftCPl99KRxokfrApQ9CMd37BO0UhR7JrN
zUpoBaj+3vZA0/fbqkUj4xN6egeIObGrXGpkPYbvc5j2guw1W0O0wRFYuVI8/h6R
d1smik3OHXOlxt1a1WVCNV0MHOxj6/wow2zrYQotNxY/xcli3f38751bOo4q33bA
gd9lyVjjqjCBDX6N/HPXDNjFcy1QXF36G5+0a4KxJ/alTTnKX5k7vgASZveYjf8B
A32r25wX9fKpEnPv7xtY9V3l74+w9nHSCv3vjumSIi046Saz4Bjecgs/38e1Go1W
evvx+2psAQszxW+xjkKDMwNTLy0VYAU4spIkOr44yUkjxMygAWl3qeI+BNTwMntE
660vPFpu8XSh7Qkpk4pxOswh0V9zOcDrvI2Qhk1VHRXd/XNmCcuSMktSgRHWy2OI
nLS5N8YvUlAWP7Rlw/1d9Q3i1DLpk7je08MBJwuGkSmwVALa7n1D0JqJJ/oRxBhW
grLLVceIBnayYSTDLOxAjVSpG6P3FYoUdxEoOGoxwpnKGE+5fHV/i5FgVLI2t3vt
z9hdsuFsUCtbL+eB9K171vUF5BNnE5X6XI/QivMDzvzWcjgjnHo=
=Bh61
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: