On Mon, Oct 07, 2019 at 05:25:07PM +0200, Thomas Dettbarn wrote:
Hello Matthew.
Yes, it does explain EVERYTHING in great detail.
Unfortunately, that is the opposite of helpful. ;)
So in some other words:
Rules-Requires-Root can be set to "no" unless you ship some files with
non-standard owner or group, or perhaps do something very strange with
permissions. A package that doesn't require elevated privileges can be
built fine without root.
"Insecure URI" is about using http:// not https://. In this case, the
https:// URL does not work -- so it's a deficiency of the webpage, not
fixable without upstream's help. In your case, though, you may have a quite
easy time contacting upstream. Note that this is not even a warning,
merely a wishlist item.
Likewise, autopkgtests are nice but I don't really see a way to make one
for this package.
On Oct 7, 2019, at 01:25, Thomas Dettbarn <dettus@dettus.net> wrote:
Despite my best effords, there are still a handful of lintian warnings left. Naturally, I would like to get rid of them:
I debian-watch-uses-insecure-uri
http://www.dettus.net/dMagnetic
I testsuite-autopkgtest-missing
P rules-requires-root-missing
X debian-watch-does-not-check-gpg-signature
dmagnetic
I description-synopsis-might-not-be-phrased-properly
"Play classic textadventures from Magnetic Scrolls in glorious ANSI Art."
I hardening-no-bindnow
usr/games/dMagnetic
I hardening-no-fortify-functions
usr/games/dMagnetic
Whilst there is nothing I will be able to do about the "insecure iru" and "gpg signature", the "rules-requires-root-missing" is bugging me.
What EXACTLY is it that I have to put into the debian/control and debian/rules files, so that this message disappears? The only root-permissions my package needs are during the installation process. Not whilst building, not whilst running.
PLEASE DO NOT JUST COPY&PASTE A LINK TO THE DOCUMENTATION IN HERE. PLEASE HELP ME.
I believe this requires a “Rules-Requires-Root: no” line in debian/control. Also, while you said not to link to documentation, I should note that if you click through the warning on the package page that you linked it tells you the extended description of this tag that is fairly explicit.