Bug#670334: Sponsoring of notion, a first look
Hi Arnout,

a few observations (without having gone too deep yet, so I might have overseen
some reasoning):

notion_3+2012042300.orig.tar.gz from your package and
notion-3-2012042300-src.tar.gz from SF seem to differ:

0ffd57a75f2c1a75ce551b3baef1fee0 notion_3+2012042300.orig.tar.gz
96d004374e92e3188608a39afea2d75f notion-3-2012042300-src.tar.gz

-rw-r--r-- 1 abe tar 754121 May 16 15:29 notion_3+2012042300.orig.tar.gz
-rw-r--r-- 1 abe tar 762655 Apr 23 18:42 notion-3-2012042300-src.tar.gz

Is this on purpose?

The upstream ChangeLog says "(The ChangeLog will be generated by
release scripts from svn logs)" -- looks like packaging a VCS
snapshot. But the version suggests that an official upstream release
and not a snapshot is packaged. Also such a ChangeLog stub should IMHO
not show up in the Debian package as it's useless.

Even if mentors.d.n hasn't found relevant lintian warnings, the new
lintian does. :-)
W: notion: hardening-no-stackprotector usr/bin/notion
N:
N: This package provides an ELF binary that lacks the stack protector
N: function __stack_chk_fail. Either there are no character arrays used on
N: the stack of any routines, or the package was not built with the default
N: Debian compiler flags defined by dpkg-buildflags. If built using
N: dpkg-buildflags directly, be sure to import CFLAGS and/or CXXFLAGS.
N:
N: Refer to http://wiki.debian.org/Hardening for details.
N:
N: Severity: normal, Certainty: possible
N:
N: Check: binaries, Type: binary, udeb
N:
W: notion: hardening-no-fortify-functions usr/bin/notion
N:
N: This package provides an ELF binary that lacks the use of fortified libc
N: functions. Either there are no potentially unfortified functions called
N: by any routines, all unfortified calls have already been fully validated
N: at compile-time, or the package was not built with the default Debian
N: compiler flags defined by dpkg-buildflags. If built using
N: dpkg-buildflags directly, be sure to import CPPFLAGS.
N:
N: Refer to http://wiki.debian.org/Hardening for details.
N:
N: Severity: normal, Certainty: possible
N:
N: Check: binaries, Type: binary, udeb
N:
W: notion: hardening-no-relro usr/bin/notion
N:
N: This package provides an ELF binary that lacks the "read-only
N: relocation" link flag. This package was likely not built with the
N: default Debian compiler flags defined by dpkg-buildflags. If built using
N: dpkg-buildflags directly, be sure to import LDFLAGS.
N:
N: Refer to http://wiki.debian.org/Hardening for details.
N:
N: Severity: normal, Certainty: certain
N:
N: Check: binaries, Type: binary, udeb
N:
[...]
Regards, Axel
--
,''`. | Axel Beckert <abe@debian.org>, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
`- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
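
Added example, not part of the message above and not lintian's own code: a small Python check for the three properties named in the lintian tags (a __stack_chk_fail reference, fortified *_chk libc calls, a PT_GNU_RELRO segment). The helper names and the constructed sample image are assumptions; only 64-bit little-endian ELF is handled.

```python
import re
import struct
import sys

PT_GNU_RELRO = 0x6474E552                       # segment type added by "ld -z relro"
FORTIFIED = re.compile(rb"\0__[a-z0-9_]+_chk\0")  # e.g. __memcpy_chk, __sprintf_chk

def program_header_types(elf: bytes) -> list:
    """Return the p_type of every program header in a 64-bit little-endian ELF."""
    if elf[:4] != b"\x7fELF" or elf[4:6] != b"\x02\x01":
        raise ValueError("expected a 64-bit little-endian ELF image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    return [struct.unpack_from("<I", elf, e_phoff + i * e_phentsize)[0]
            for i in range(e_phnum)]

def hardening_gaps(elf: bytes) -> list:
    """Heuristic: symbol names are found by scanning the image for NUL-delimited
    strings instead of walking .dynsym, so treat the two symbol-based results as
    'possible', the same certainty lintian assigns them."""
    gaps = []
    if b"\0__stack_chk_fail\0" not in elf:
        gaps.append("hardening-no-stackprotector")
    if not FORTIFIED.search(elf):
        gaps.append("hardening-no-fortify-functions")
    if PT_GNU_RELRO not in program_header_types(elf):
        gaps.append("hardening-no-relro")
    return gaps

def make_elf(p_types, names) -> bytes:
    """Constructed sample: ELF64 header, bare program headers, fake string table."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(p_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 4, 0, 0, 0, 0, 0, 0)
                     for t in p_types)
    return header + phdrs + b"\0" + b"".join(n.encode() + b"\0" for n in names)

if __name__ == "__main__":
    if len(sys.argv) > 1:                       # e.g. the unpacked usr/bin/notion
        with open(sys.argv[1], "rb") as fh:
            print(hardening_gaps(fh.read()))
    else:
        print(hardening_gaps(make_elf([1], ["memcpy", "strcpy"])))
```

An empty list means none of the three tags would be expected; a missing __stack_chk_fail or *_chk reference can also mean the code simply has nothing to protect, as the lintian text itself notes.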