Bug#790391: RFS: bomberclone/0.11.9-5 ITA

To: Peter Spiess-Knafl <dev@spiessknafl.at>, 790391@bugs.debian.org
Subject: Bug#790391: RFS: bomberclone/0.11.9-5 ITA
From: Tobias Frost <tobi@debian.org>
Date: Wed, 01 Jul 2015 07:52:05 +0200
Message-id: <[🔎] 1435729925.5674.22.camel@debian.org>
Reply-to: Tobias Frost <tobi@debian.org>, 790391@bugs.debian.org
In-reply-to: <559314B7.3080205@spiessknafl.at>
References: <55904F92.3020903@spiessknafl.at> <1435690939.16482.12.camel@debian.org> <559314B7.3080205@spiessknafl.at>

Am Mittwoch, den 01.07.2015, 00:14 +0200 schrieb Peter Spiess-Knafl:
> Hi Tobi!
> 
> Thanks for taking the time of reviewing.
> 
> > just minor remarks:
> > -changelog entry "d/control: migrated from cdbs to dh9"
> >  implies that changes are only in d/control, maybe remove 
> > d/control.
> > - I'm a fan of DEP3 style patch headers :) Maybe you can tweak your
> > headers? For example this would avoid this question: Did you send
> > upstream the patches?
> 
> Alright, I will improve at least my new patches with DEP3 headers.

You can also improve the existing ones ;-); you do not need to rewrite
it completly, just amend them with new information. For example, if the
patch is Debian specific and if not when it has been sent upstream; I
recommend to always try to reduce the amount of patches you carry
around by sending them upstream.

> > 
> > For the repository: Take a look at gbp-import-dscs(1), especially 
> > the -
> > -debsnap option... You'll love that to have the complete history of 
> > the
> > package in the repository. (Maybe consider recreate the repository)
> >  
> 
> I will take a look at it.
> 
> Do you have any idea how I could fix the two lintian warnings, 
> mentioned
> in the RFS?

(Quoting them for reference)
>> The package still has some lintian warnings which I would like to 
>> fix, but don't know how:
>> 
>>  - deprecated-configure-filename
>>  - hardening-no-fortify-functions

deprecated-configure-filename:
Run autoreconf and you get this warning: warning: autoconf input should
be named 'configure.ac', not 'configure.in'
 (you should ask upstream to rename that; point htem to [2]; otherwise
I'd ignore this for now) -- Beside that, I'd recommend to use
dh_autoreconf for a autotools based project, but that won't fix that
tag ;)

[1] https://lintian.debian.org/tags/deprecated-configure-filename.html
[2] https://lists.gnu.org/archive/html/automake/2013-05/msg00049.html

hardening-no-fortify-functions
(I will follow up in an extra mail as I now have to leave and this is a
little more complicated to check. Just two general thoughts on this:)
dh9 will only prepare everything for hardening; the upstream project
can still jeopadize it.
One thing to check is if the autoconf *overwrites* compilerflags
instead of appending; 
Another: there is hardening-check in the package hardeing-includes
which helps to check which unprotected functions are used.

> Greetings
> Peter
> 
> 
-- 
tobi

Reply to:

Prev by Date: Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.2-2
Next by Date: Re: Bug#778007: mira: ftbfs with GCC-5
Previous by thread: Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.2-2
Next by thread: Re: Bug#778007: mira: ftbfs with GCC-5
Index(es):
- Date
- Thread