[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#790391: marked as done (RFS: bomberclone/0.11.9-5 ITA)



Your message dated Wed, 01 Jul 2015 19:45:34 +0200
with message-id <5594273E.1060308@spiessknafl.at>
and subject line Re: Bug#790391: RFS: bomberclone/0.11.9-5 ITA
has caused the Debian Bug report #790391,
regarding RFS: bomberclone/0.11.9-5 ITA
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
790391: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790391
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package: sponsorship-requests
Severity: important

  Dear mentors,

  I am looking for a sponsor for my package "bomberclone"

 * Package name    : bomberclone
   Version         : 0.11.9-5
   Upstream Author : Steffen Pohle <steffen@bomberclone.de>
 * URL             : http://bomberclone.de/
 * License         : GPL-2
   Section         : games

  It builds those binary packages:

 bomberclone - free Bomberman clone
 bomberclone-data - Data files for bomberclone game

  To access further information about this package, please visit the
following URL:

  http://mentors.debian.net/package/bomberclone


  Alternatively, one can download the package with dget using this
command:

    dget -x
http://mentors.debian.net/debian/pool/main/b/bomberclone/bomberclone_0.1
1.9-5.dsc


  Changes since the last upload:

bomberclone (0.11.9-5) unstable; urgency=medium

  * New maintainer, mutually agreement (Closes: #790143)
  * Switch to dpkg-source 3.0 (quilt) format
  * d/patches/*: added description for existing patches
  * d/control: migrated from cdbs to dh9
  * d/control: extended bomberclone-data description
  * d/control: Standards-Version 3.9.6: no changes required
  * d/control: Added Vcs-* references
  * d/copyright: updated to DEP-5 machine readable copyright format
  * Added patch for gcc5 support (Closes: #777803)
  * d/bomberclone.desktop: added categories (Closes: #737833)

 -- Peter Spiess-Knafl <dev@spiessknafl.at>  Sun, 28 Jun 2015 21:29:44
+0200


The package still has some lintian warnings which I would like to fix,
but don't know how:

- - deprecated-configure-filename
- - hardening-no-fortify-functions


Can someone help me with that? I thought that dh9 automatically takes
care of the hardening?


Additionally I would like to mention, that I got approved for DM, so
after the first few successful uploads a potential sponsor could grant
me upload rights for bomberclone.



  Thank you in advance and Regards,
   Peter Spiess-Knafl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJVkE+SAAoJED/ImGelQYVWC3sQAK7lIcjyuUnVIGCtAtGJMMKb
ldw1Z0h5Qr3WSdbRdyRSzzd+SjYcRgTaz/h8z0mRpR3+cKlGemmeOej4CbtPs121
rpJMqhLgCNNBcDhS1HW6/aiM9R17VF5NmTmHETQzYqXUJ1ACkLrEaBJQGPX2jPaA
PkV7CXENHtjUwhnSxzq2vlOpMQCHWlKmXqonT/xfq833X5eJkirHg9YH2dx0czfp
7Ds7GNbdx991iYLBx9hznGkILvAGwE2uGzX86obK2EctCtHwl9zBKzITI82+X/AI
2U9h8zXzajJJLLqotqQglFSItHawXYCzBropV4GlyHai27Oc1XRCBZ6VFjwd76gk
YiDf9yitOHRBuuwsaBGjnLRCkNWg/H2KL1AsaqQl0Z7MX+BCI6ZINdG6lvqr740H
Ko1Cs8JnuhNJCZ9VssNA9oOHNVPc7ocEji7IYZoMV05wrQ5V/Ob6noDFv5XoG78a
p4ur68ys5Q/1GZUx8uSx6RVUwhP3xyTiaQBFoFeUHhBypsKlSiwGWZ70px4PJvi1
YObYF0z7v42UPKm3pUQcTvzToW3NmKTDyQ6SbBMpZeJFh52cqRfMJFevd1/oM6A+
UNhVkDKHA3+DtKgpx/mbQHauY+0PYRMIbt5HvED5SrQsCkY6XjAtJx4juUqCg/yb
/ky77hJBD7Tm5gu/u5wY
=MzCF
-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Tobi!

> You can also improve the existing ones ;-); you do not need to
> rewrite it completly, just amend them with new information. For
> example, if the patch is Debian specific and if not when it has
> been sent upstream; I recommend to always try to reduce the amount
> of patches you carry around by sending them upstream.
> 

I did that :)

>>> 
>>> For the repository: Take a look at gbp-import-dscs(1),
>>> especially the - -debsnap option... You'll love that to have
>>> the complete history of the package in the repository. (Maybe
>>> consider recreate the repository)
>>> 

Did that too (I had to delete the remote repo to allow pushing the
modified history, usually not a good idea, but I think having the full
history is more valuable than some maybe broken local repos). It is an
awesome feature. Thanks for pointing it out to me.

>> 
>> I will take a look at it.
>> 
>> Do you have any idea how I could fix the two lintian warnings, 
>> mentioned in the RFS?
> 
> (Quoting them for reference)
>>> The package still has some lintian warnings which I would like
>>> to fix, but don't know how:
>>> 
>>> - deprecated-configure-filename -
>>> hardening-no-fortify-functions
> 
> deprecated-configure-filename: Run autoreconf and you get this
> warning: warning: autoconf input should be named 'configure.ac',
> not 'configure.in' (you should ask upstream to rename that; point
> htem to [2]; otherwise I'd ignore this for now) -- Beside that, I'd
> recommend to use dh_autoreconf for a autotools based project, but
> that won't fix that tag ;)

I suggested it to upstream.

> [1]
> https://lintian.debian.org/tags/deprecated-configure-filename.html 
> [2]
> https://lists.gnu.org/archive/html/automake/2013-05/msg00049.html
> 
> hardening-no-fortify-functions (I will follow up in an extra mail
> as I now have to leave and this is a little more complicated to
> check. Just two general thoughts on this:) dh9 will only prepare
> everything for hardening; the upstream project can still jeopadize
> it. One thing to check is if the autoconf *overwrites*
> compilerflags instead of appending; Another: there is
> hardening-check in the package hardeing-includes which helps to
> check which unprotected functions are used.
> 

I did look at the build logs. The parameters are passed during
compilation. So I think it is a false positive.


Since the lintian warnings are not that critical, I uploaded the package
.


Now the package does not have to be removed from testing :)

I hereby close the RFS bug. Thank you for your support.

Greetings
Peter



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJVlCc+AAoJED/ImGelQYVWfWoP/3rabz3Z+0MYeABykIa9Rcsn
t7OHqxGPYtW+IIR7EOuRNaX4ejngD2mVAZ5OzqFO7fdBdI3PizQCJRfywNkQi5T/
tEooapF4diIrbTsa7D33Q7msUS/qYFsloGYL1QH4bhv4B9zQnUBCPNPjeNuX5Lw6
FXjEQH2GiQ5QQ3wCh5+kk5D6gr1OsN1xA6oaW+VXwzlsGgsfrkf23QvM30rdASR0
9mrGJnHt5qFNJrt0Xi/3FUVtOPU4EsSLcF71MHi65mi/s3cNhFaNM2F+fi40cNiu
wKBWyWLlW6INdgKYjefzUVSnDktyTRHW6ELkJIwHHoM73o/NJ2o8B3++fFpuDiiQ
fDyoYN78PosXGtF2x6Ns8Is5D0rnktafRE5h6k47sxe/pcefCHbcsJy7TTJtCT9g
aaJJ3m2XZP3Z+gIkyc6dOwlrR7uYJwTw/Yn9tims6fCQYMaG033nGlEWLzNSDaTk
tdVslnR2OMY3Fzi6cgkaoU8ErpBXQ4ToTWqtK0B9gEIYrJ4qGCQC2ztQgmh5bmMP
6UZjjMEcs0990dbJcCpncUOQ5ZRAilCkoESiM/wKj4sl6R4uxbuO2/dieLMphXig
I1/iZYH7A/3qS1Qa0OzVpL+x89TYl3M45Ol8T241mf7A89rM6XaVojdcW8mxQIW7
lXeg/yKjtv7cLBAS/vCk
=DlzP
-----END PGP SIGNATURE-----

--- End Message ---

Reply to: