Bug#670334: Sponsoring of notion, a first look



Hi Arnout,

a few observations (without having gone too deep yet, so I might have overlooked
some reasoning):

notion_3+2012042300.orig.tar.gz from your package and
notion-3-2012042300-src.tar.gz from SF seem to differ:

0ffd57a75f2c1a75ce551b3baef1fee0  notion_3+2012042300.orig.tar.gz
96d004374e92e3188608a39afea2d75f  notion-3-2012042300-src.tar.gz

-rw-r--r--  1 abe tar 754121 May 16 15:29 notion_3+2012042300.orig.tar.gz
-rw-r--r--  1 abe tar 762655 Apr 23 18:42 notion-3-2012042300-src.tar.gz

Is this on purpose?

The upstream ChangeLog says "(The ChangeLog will be generated by
release scripts from svn logs)" -- looks like packaging a VCS
snapshot. But the version suggests that an official upstream release
and not a snapshot is packaged. Also such a ChangeLog stub should IMHO
not show up in the Debian package as it's useless.

Even if mentors.d.n hasn't found relevant lintian warnings, the new
lintian does. :-)

W: notion: hardening-no-stackprotector usr/bin/notion
N: 
N:    This package provides an ELF binary that lacks the stack protector
N:    function __stack_chk_fail. Either there are no character arrays used on
N:    the stack of any routines, or the package was not built with the default
N:    Debian compiler flags defined by dpkg-buildflags. If built using
N:    dpkg-buildflags directly, be sure to import CFLAGS and/or CXXFLAGS.
N:    
N:    Refer to http://wiki.debian.org/Hardening for details.
N:    
N:    Severity: normal, Certainty: possible
N:    
N:    Check: binaries, Type: binary, udeb
N: 
W: notion: hardening-no-fortify-functions usr/bin/notion
N: 
N:    This package provides an ELF binary that lacks the use of fortified libc
N:    functions. Either there are no potentially unfortified functions called
N:    by any routines, all unfortified calls have already been fully validated
N:    at compile-time, or the package was not built with the default Debian
N:    compiler flags defined by dpkg-buildflags. If built using
N:    dpkg-buildflags directly, be sure to import CPPFLAGS.
N:    
N:    Refer to http://wiki.debian.org/Hardening for details.
N:    
N:    Severity: normal, Certainty: possible
N:    
N:    Check: binaries, Type: binary, udeb
N: 
W: notion: hardening-no-relro usr/bin/notion
N: 
N:    This package provides an ELF binary that lacks the "read-only
N:    relocation" link flag. This package was likely not built with the
N:    default Debian compiler flags defined by dpkg-buildflags. If built using
N:    dpkg-buildflags directly, be sure to import LDFLAGS.
N:    
N:    Refer to http://wiki.debian.org/Hardening for details.
N:    
N:    Severity: normal, Certainty: certain
N:    
N:    Check: binaries, Type: binary, udeb
N: 
[...]

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe@debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
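
An added example, not part of the original message and not lintian's own implementation: a heuristic approximation of the three hardening checks quoted above, looking for the PT_GNU_RELRO program header, the __stack_chk_fail symbol name and fortified *_chk symbol names. The function names and the two constructed ELF64 images are assumptions made for the illustration; only little-endian ELF64 is handled.

```python
import re
import struct

PT_LOAD = 1
PT_GNU_RELRO = 0x6474E552  # segment type the linker emits for -z relro

def program_header_types(elf: bytes) -> list[int]:
    """Return p_type of every program header in a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if elf[4] != 2 or elf[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    types = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(elf):
            raise ValueError("truncated program header table")
        types.append(struct.unpack_from("<I", elf, off)[0])
    return types

def hardening_report(elf: bytes) -> dict[str, bool]:
    """Keys mirror the lintian tags; the symbol checks are byte-level heuristics."""
    return {
        "relro": PT_GNU_RELRO in program_header_types(elf),
        # Absence can be legitimate (no char arrays on the stack), hence
        # lintian's "Certainty: possible" for this tag.
        "stackprotector": b"\0__stack_chk_fail\0" in elf,
        # Fortified libc calls appear as __memcpy_chk, __sprintf_chk, ...
        "fortify": re.search(rb"\0__[a-z]+_chk\0", elf) is not None,
    }

def constructed_elf(ph_types: list[int], names: list[bytes]) -> bytes:
    """Build a tiny constructed image: ELF64 header, program headers, name blob."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(ph_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<I", t) + bytes(52) for t in ph_types)
    return header + phdrs + b"\0" + b"\0".join(names) + b"\0"

# Constructed samples, not real binaries.
HARDENED = constructed_elf([PT_LOAD, PT_GNU_RELRO],
                           [b"__stack_chk_fail", b"__memcpy_chk"])
UNHARDENED = constructed_elf([PT_LOAD], [b"memcpy", b"strcpy"])

if __name__ == "__main__":
    for label, image in (("hardened", HARDENED), ("unhardened", UNHARDENED)):
        print(label, hardening_report(image))
```

On a real package build, the same three results change once CFLAGS, CPPFLAGS and LDFLAGS from dpkg-buildflags actually reach the compiler and linker, which is what the lintian notes ask for.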


