On Sun, May 13, 2018 at 11:08:29AM +0300, Yavor Doganov wrote:
> Package: sponsorship-requests
> Severity: important
>
> Dear mentors,
>
> I am looking for a sponsor for my package "ftp.app".
>
> * Package name : ftp.app
> Version : 0.6-2
[snip]
> Changes since the last upload:
>
> * Team upload.
> * debian/compat: Bump to 11.
> * debian/rules: Rewrite for modern dh. Don't convert/install the .xpm
> icon (Closes: #897524). Use standard variables; enable all hardening.
So two things here, both minor, although the optim one might be good to fix:
- you left a mention of $(optim) on the dh_auto_build line, although this
variable is no longer defined in the rules file. This means that it is
1) not needed, and 2) potentially dangerous, since it might introduce weird
compiler flags if it happens to be defined in the environment
- I see that you did indeed active the hardening=+all build flags, yet Lintian
(at least version 2.5.88) still complains about the "FTP" executable file
using non-hardened functions from libc, and indeed a `nm -aoD | fgrep -we U`
does show calls to fread and recv. I don't know if some special flags need
to be passed to the Objective C compiler to make it use the hardened variants
or if it is even possible; I have next to no experience with Objective C,
although it has long been on my list of things to check out some day :)
I can upload this package as-is and leave these items for a later upload;
would you like me to do that?
G'luck,
Peter
--
Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} pp@storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
Attachment:
signature.asc
Description: PGP signature