Bug#836368: retitle 836368 ITA: pev -- text-based tool to analyze PE files

To: Paulo <kretcheu@gmail.com>
Cc: 836368@bugs.debian.org
Subject: Bug#836368: retitle 836368 ITA: pev -- text-based tool to analyze PE files
From: Stephen Kitt <skitt@debian.org>
Date: Mon, 12 Sep 2016 14:44:26 +0200
Message-id: <[🔎] 20160912124426.ui6eajlg4ozxowhp@sk2.org>
Reply-to: Stephen Kitt <skitt@debian.org>, 836368@bugs.debian.org
In-reply-to: <8bf843a4-3a32-9011-e4dd-e2d93e60eee7@gmail.com>
References: <8bf843a4-3a32-9011-e4dd-e2d93e60eee7@gmail.com>

Hi Paulo,

On Sat, Sep 03, 2016 at 11:54:04PM -0300, Paulo wrote:
> I working in this package, it's almost done, there are some issues to solve.
> 
> I uploaded to mentors a version 0.70-1

It would be nice if you could base your updated package on Petter
Reinholdtsen's version 0.50 since that has been uploaded to the
archive (and pulled into collab-maint).

I've reviewed your current package on mentors; here are my comments...

The package descriptions could be improved: something like

Description: PE (Portable Executable) analysis toolkit
 pev is a toolkit to work with PE (Portable Executable) binaries
 commonly used on Windows operating systems.
 .
 Its main goal is to provide feature-rich tools enabling proper
 analysis of binaries, especially suspicious ones. It's typically used
 to analyse malware and viruses.

for pev,

Description: PE (Portable Executable) analysis library
 libpe provides functions to extract information from
 PE32/PE32+-format binaries (32- and 64-bit Windows executables), such
 as headers, sections, resources... This format is used by .EXE
 programs, .DLL dynamic-link libraries, .OCX component libraries and
 many others.

for libpe1 (dropping "libpe1" so you don't need to update the
description for a soname change), and likewise for libpe-dev (with the
extra paragraph you already have).

In debian/rules, you should use

	export DEB_BUILD_MAINT_OPTIONS=hardening=+all

instead of manually specifying the CFLAGS and LDFLAGS for hardening;
that way, dpkg will use the appropriate flags for each platform.

In debian/copyright, license information for lib/libfuzzy and
lib/libudis86 is missing; also, the pev code still has GPL-3+ headers
(despite the authors' intentions as evidenced by the change in the
LICENSE file). In any case, the licensing situation means that 0.70
can't be uploaded to Debian; pev needs an OpenSSL licensing exception
which will be included in the next version (see
https://github.com/merces/pev/issues/98 for details).

Thanks for the work you've put into the packaging, you obviously care
about getting it right! I'll happily sponsor the package once it's in
an uploadable state (which really depends on upstream now).

Regards,

Stephen

Reply to:

Prev by Date: Processed: your mail
Next by Date: Bug#837556: ITP: lorene -- framework for numerical relativity
Previous by thread: Bug#837539: ITP: minicoredumper -- generate minimal and customized core dump files on Linux
Next by thread: Bug#837556: ITP: lorene -- framework for numerical relativity
Index(es):
- Date
- Thread