Bug#831694: RFS: shadowsocks-libev/2.4.7+20160630+ds-3 -- lightweight and secure socks5 proxy

[Christian Seiler <christian@iwakd.de>]

I'm not a DD, so I can't sponsor, but:

On 07/18/2016 04:53 PM, Roger Shimizu wrote:
>   * debian/rules:
>     - Add param "--disable-ssp" to dh_auto_configure command.
>       Thanks to Aaron M. Ucko and Boyuan Yang. (Closes: #829498)

Please don't disable the SSP unconditionally, because it's a useful
defense-in-depth strategy. Especially since you are packaging a
network service, I would really recommend not doing that.

The actual problem appears to be that the build system of your
package sets -Werror (see the build log [1]), because normally
using -fstack-protector* on unsupported architectures is harmless
and just produces a warning.

-Werror is a really bad idea for Debian packages anyway. It's great
for development to squash bugs, but -Werror can also easily break
binNMUs with a later compiler version that introduced a new warning.
(This has happened many times in the past.)

So I would really suggest you disable -Werror for package builds
(there's probably another configure flag for that; if not, ask
upstream for one), then you don't have to disable the SSP and on
platforms that don't support it you'll just get a warning in the
build logs. (And once they do support SSP at some point in the
future with a newer compiler version, then a simple binNMU will
suffice to make use of that.)

>     - Cherry-Pick two patch from upstream as 0004 and 0005

Generally you should describe in the changelog what these patches
do. I would hence suggest an entry like:

   - Cherry-pick the following upstream patches:
       * Fix typo in argument passed to manager command.
       * Use SO_REUSEADDR for remote socket

Regards,
Christian