Re: Please review ccrypt 1.10-5

To: Alexander Kulak <sa-dev@rainbow.by>
Cc: debian-security-tools@lists.debian.org
Subject: Re: Please review ccrypt 1.10-5
From: Raphael Hertzog <hertzog@debian.org>
Date: Tue, 13 Mar 2018 11:07:56 +0100
Message-id: <[🔎] 20180313100756.GA4383@home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, Alexander Kulak <sa-dev@rainbow.by>, debian-security-tools@lists.debian.org
In-reply-to: <[🔎] alpine.DEB.2.20.1803131006070.32132@fear.rainbow.by>
References: <[🔎] alpine.DEB.2.20.1803131006070.32132@fear.rainbow.by>

Hello,

On Tue, 13 Mar 2018, Alexander Kulak wrote:
> Please review the ccrypt 1.10-5 prepared in HEAD (should I push
> version tags on my own decision before review?)

No, in general the one sponsoring the upload will create and push the tag.

> It sets new maintainer and fixes non-critical error and a bunch
> of warnings on install.
> If it's enough for publishing, please consider sponsoring it.

I looked at your package but I'm not familiar with the emacs integration thing.
I saw that you have a lintian warning about this:

W: ccrypt: emacsen-common-without-dh-elpa
N:
N:   The package uses the emacsen-common infrastructure but the package was
N:   not built with dh-elpa. Please consider transitioning the package
N:   build to use dh-elpa, unless the package is required to work with
N:   XEmacs.
N:   
N:   dh-elpa centralises the emacsen-common maintscripts, which makes for
N:   fewer bugs, and significantly easier cross-archive updates to emacsen
N:   packages.
N:   
N:   In addition, a package built with dh-elpa integrates with the GNU
N:   Emacs package manager, for a better user experience.
N:   
N:   Refer to the dh_elpa(1) manual page, the dh-make-elpa(1) manual page,
N:   and https://pkg-emacsen.alioth.debian.org/ for details.
N:   
N:   Severity: normal, Certainty: certain
N:   
N:   Check: elpa, Type: binary

Is there a reason for you to not use dh-elpa? If yes, then please override
the lintian tag and document the reason as a comment in the lintian override
file.

If there is no reason, please consider using it.

I saw a bunch of other minor problems reported by lintian (with -I to have
informational tags too):

I: ccrypt source: testsuite-autopkgtest-missing

It's OK to not have such tests but here it would likely be not too hard to
write a few tests and I invite you to consider writing some.

I: ccrypt: hardening-no-bindnow usr/bin/ccguess
I: ccrypt: hardening-no-bindnow usr/bin/ccrypt

This can be fixed with "export DEB_BUILD_MAINT_OPTIONS = hardening=+all" in debian/rules.

I: ccrypt: spelling-error-in-manpage usr/share/man/man1/ccrypt.1.gz contructed constructed

Simple typo.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Reply to:

Follow-Ups:
- Re: Please review ccrypt 1.10-5
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Please review ccrypt 1.10-5
  - From: Alexander Kulak <sa-dev@rainbow.by>

References:
- Please review ccrypt 1.10-5
  - From: Alexander Kulak <sa-dev@rainbow.by>

Prev by Date: Re: Please review ccrypt 1.10-5
Next by Date: Re: Please review ccrypt 1.10-5
Previous by thread: Re: Please review ccrypt 1.10-5
Next by thread: Re: Please review ccrypt 1.10-5
Index(es):
- Date
- Thread