Bug#990718: RFS: duma/2.5.21-1 [ITA] -- Detect Unintended Memory Access - A Red-Zone memory allocator

[Bastian Germann <bage@debian.org>]

Hi Peter,

There was one QA (2.5.15-3) upload since you started your packaging effort. 
Please include the changelog entry in your version. The changes themselves are 
irrelevant with your upstream change.

On Thu, 8 Jul 2021 13:04:29 +0100 Peter <peter@pblackman.plus.com> wrote:
>   duma (2.5.21-1) unstable; urgency=medium

Please keep the -1 as revision even if you provide new uploads on mentors.

>   .
>     * Adopt package. (Closes: #565925)
>     * New Upstream Release. (Closes: #550660, #623495, #655892)
>     * Fixes FTBFS with GCC-11  (#984041)

Add a "Closes: " for this entry.

>     * Use hardening flags, fixes bindnow, (Closes: #532483)
>     * Use changelog file date instead of system date for build date
>     * DEP-5 copyright

The license name has to be GPL-2+ because it has the "or later" clause.
Fix trailing whitespace.

Some files are licensed under LGPL 2.1+. Please identify them and add the license.

>     * Add autopkgtests
>     * Preserve Debian's CFLAGS etc (use += , not just = , in makefile)

Your 002-makefile.patch also has:
* Enable bindnow by using LDFLAGS
* C++14 standard needed tor testoperators.cpp

These two changes do not need a patch. Instead you can control the make 
variables via the debian/rules file.

> I have dropped the patch from bug #532483 as Ubuntu dropped it in Focal Fossa.
>
>
> Regards,
> Peter Blackman

Please do not add lintian overrides because the warnings are all valid. You do 
not have to address them for your first version because they are already in the 
package. But in the future it may be good to split out the library to separate 
binary packages.

For bonus points you can use uscan's git mode (debian/watch) and add the 
upstream maintainer's GPG key that he uses to sign the release tags.

Thanks,
Bastian