Bug#909267: library-not-linked-against-libc: downgrade from error

[Guillem Jover <guillem@debian.org>]

Hi!

On Thu, 2018-09-20 at 17:19:02 -0700, Russ Allbery wrote:
> Jeremy Bicha <jbicha@debian.org> writes:
> > On Thu, Sep 20, 2018 at 6:18 PM Russ Allbery <rra@debian.org> wrote:
> >> Maybe exclude shared libraries linked with glib (and whatever the Qt
> >> equivalent is)?
> 
> > One package that triggers this tag a lot is samba and it doesn't use
> > glib or qt.
> 
> > https://lintian.debian.org/maintainer/pkg-samba-maint@lists.alioth.debian.org.html#samba
> 
> I wonder if we would get all of the utility out of the tag if instead it
> looked for shared libraries with no NEEDED metadata.  I think it's only
> catching libraries that aren't linked with anything else, so maybe just
> check for that explicitly?

Yeah probably better than the status-quo. Any kind of plugin would need
to be excluded though, because it might simply be using symbols from the
loading binary (via -rdynamic). It would still emit false-positives for
any library that implements language run-times or does syscall wrapping.
This might include any new language implementing their own lib<lang>.so
and not basing that on libc.so, or even things like libaio.so, which for
a while did not need to be linked against libc! (Although for probably
bad reasons, because reimplementing syscall(2) is not very sane, or
even using _syscall(2) which might have not pulled the dep. :)

So, I'd say the trade-off is worth it, as there's definitely going to
be way less false-positives on language run-time libraries, than the
current false-positives.

Thanks,
Guillem