[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1105039: ITP:python3-berkeleydb/18.1.14-1 -- Python interface for Berkeley DB (Python 3.x)



On Mon, 2025-05-12 at 18:58 +0100, Phil Wyett wrote:
> Control: tags -1 +moreinfo
> 
> Andre,
> 
> Review of upload: 2025-05-10 11:11
> 
> For information about the tests run, see:
> 
> https://wiki.debian.org/PhilWyett/DebianMentoring
> 
> Test 4 (sbuild): Information only
> 
> Lintian:
> 
> Running lintian...
> N:
> E: python3-berkeleydb-doc: no-changelog usr/share/doc/python3-berkeleydb-
> doc/changelog.Debian.gz (non-native package)
> N: 
> N:   A Debian package that provides a /usr/share/doc/*pkg* directory must
> N:   install a changelog file.
> N:   
> N:   For native packages the best name is /usr/share/doc/*pkg*/changelog.gz.
> N:   
> N:   For non-native packages the best name is
> N:   /usr/share/doc/*pkg*/changelog.Debian.gz.
> N:   
> N:   This tag may also be emitted when the changelog exists but does not
> N:   otherwise resemble a Debian changelog.
> N: 
> N:   Please refer to Changelog files and release notes (Section 12.7) in the
> N:   Debian Policy Manual for details.
> N: 
> N:   Visibility: error
> N:   Show-Always: no
> N:   Check: debian/changelog
> N:   Renamed from: changelog-file-missing-in-native-package
> N:   debian-changelog-file-missing
> N: 
> N:
> E: python3-berkeleydb-doc: no-copyright-file
> N: 
> N:   Each binary package has to include a plain file
> N:   /usr/share/doc/*pkg*/copyright
> N: 
> N:   Please refer to Copyright information (Section 12.5) in the Debian Policy
> N:   Manual for details.
> N: 
> N:   Visibility: error
> N:   Show-Always: no
> N:   Check: debian/copyright
> N: 
> N:
> E: python3-berkeleydb: relative-library-search-path RUNPATH lib
> [usr/lib/python3/dist-packages/berkeleydb/_berkeleydb.abi3.so]
> N: 
> N:   The binary or shared library sets RPATH or RUNPATH. This overrides the
> N:   normal library search path, possibly interfering with local policy and
> N:   causing problems for multilib, among other issues.
> N:   
> N:   As an aggravating factor, this search path is relative! It is probably
> not
> N:   what you wanted.
> N:   
> N:   The only time a binary or shared library in a Debian package should set
> N:   RPATH or RUNPATH is if it is linked to private shared libraries in the
> N:   same package. In that case, place those private shared libraries in
> N:   /usr/lib/*package*. Libraries used by binaries in other packages should
> be
> N:   placed in /lib or /usr/lib as appropriate, with a proper SONAME, in which
> N:   case RPATH/RUNPATH is unnecessary.
> N:   
> N:   To fix this problem, look for link lines like:
> N:   
> N:       gcc test.o -o test -Wl,--rpath,/usr/local/lib
> N:   
> N:   or
> N:   
> N:       gcc test.o -o test -R/usr/local/lib
> N:   
> N:   and remove the -Wl,--rpath or -R argument.
> N:   
> N:   You can also use the chrpath utility to remove the RPATH.
> N: 
> N:   Please refer to https://wiki.debian.org/RpathIssue, Bug#732682, and
> N:   Bug#732674 for details.
> N: 
> N:   Visibility: error
> N:   Show-Always: no
> N:   Check: binaries/rpath
> N: 
> N:
> W: python3-berkeleydb: debian-changelog-has-wrong-day-of-week 2025-04-03 was a
> Thursday [usr/share/doc/python3-berkeleydb/changelog.Debian.gz:1]
> N: 
> N:   The date in the changelog entry is not consistent with the actual day of
> N:   that week. Either the date is wrong or the day of week is wrong.
> N:   
> N:   To avoid problems like this, consider using a tool like dch(1) or date(1)
> N:   to generate the date. Example:
> N:   
> N:     $ date -R -ud '2013-11-05 23:59:59'
> N:     Tue, 05 Nov 2013 23:59:59 +0000
> N: 
> N:   Visibility: warning
> N:   Show-Always: no
> N:   Check: debian/changelog
> N:   Renamed from: debian-changelog-has-wrong-weekday
> N: 
> N:
> W: python3-berkeleydb source: source-package-encodes-python-version
> N: 
> N:   This source package encodes a Python version in its name such as
> N:   python2-foo or python3-bar.
> N:   
> N:   This could result in a misleading future situation where this source
> N:   package supports multiple versions as well unnecessary given that the
> N:   binary package names will typically encode the supported versions.
> N:   
> N:   Please override this tag with a suitably-commented override if there is
> no
> N:   single upstream codebase that supports both versions.
> N: 
> N:   Visibility: warning
> N:   Show-Always: no
> N:   Check: languages/python
> N: 
> N:
> I: python3-berkeleydb-doc: capitalization-error-in-description-synopsis python
> Python
> N: 
> N:   Lintian found a possible capitalization error in the package synopsis.
> N:   Lintian has a list of common capitalization errors, primarily of upstream
> N:   projects, that it looks for. It does not have a dictionary like a
> spelling
> N:   checker does.
> N: 
> N:   Visibility: info
> N:   Show-Always: no
> N:   Check: fields/description
> N: 
> N:
> I: python3-berkeleydb-doc: extra-license-file [usr/share/doc/python3-
> berkeleydb/license.rst]
> N: 
> N:   All license information should be collected in the debian/copyright file.
> N:   This usually makes it unnecessary for the package to install this
> N:   information in other places as well.
> N: 
> N:   Please refer to Copyright information (Section 12.5) in the Debian Policy
> N:   Manual for details.
> N: 
> N:   Visibility: info
> N:   Show-Always: no
> N:   Check: files/licenses
> N: 
> N:
> I: python3-berkeleydb: hardening-no-bindnow [usr/lib/python3/dist-
> packages/berkeleydb/_berkeleydb.abi3.so]
> N: 
> N:   This package provides an ELF binary that lacks the "bindnow" linker flag.
> N:   
> N:   This is needed (together with "relro") to make the "Global Offset Table"
> N:   (GOT) fully read-only. The bindnow feature trades startup time for
> N:   improved security. Please consider enabling this feature or consider
> N:   overriding the tag (possibly with a comment about why).
> N:   
> N:   If you use dpkg-buildflags, you may have to add hardening=+bindnow or
> N:   hardening=+all to DEB_BUILD_MAINT_OPTIONS.
> N:   
> N:   The relevant compiler flags are set in LDFLAGS.
> N: 
> N:   Please refer to https://wiki.debian.org/Hardening for details.
> N: 
> N:   Visibility: info
> N:   Show-Always: no
> N:   Check: binaries/hardening
> N: 
> N:
> I: python3-berkeleydb: hardening-no-fortify-functions [usr/lib/python3/dist-
> packages/berkeleydb/_berkeleydb.abi3.so]
> N: 
> N:   This package provides an ELF binary that lacks the use of fortified libc
> N:   functions. Either there are no potentially unfortified functions called
> by
> N:   any routines, all unfortified calls have already been fully validated at
> N:   compile-time, or the package was not built with the default Debian
> N:   compiler flags defined by dpkg-buildflags. If built using dpkg-buildflags
> N:   directly, be sure to import CPPFLAGS.
> N:   
> N:   NB: Due to false-positives, Lintian ignores some unprotected functions
> N:   (e.g. memcpy).
> N: 
> N:   Please refer to https://wiki.debian.org/Hardening and Bug#673112 for
> N:   details.
> N: 
> N:   Visibility: info
> N:   Show-Always: no
> N:   Check: binaries/hardening
> N: 
> N:
> I: python3-berkeleydb source: no-dh-sequencer [debian/rules]
> N: 
> N:   This package does not use the dh sequencer in debian/rules.
> N:   
> N:   While maintainers may use a variety of build systems, this one is by far
> N:   the most popular.
> N:   
> N:   Maintainers are strongly encouraged to use the dh sequencer in new
> N:   packages and convert existing ones when appropriate.
> N: 
> N:   Visibility: info
> N:   Show-Always: no
> N:   Check: debian/rules/dh-sequencer
> N: 
> N:
> I: python3-berkeleydb source: uses-deprecated-python-stdlib distutils
> (deprecated in Python 3.10, removed in Python 3.12) [setup3.py:46]
> N: 
> N:   
> N:   The Python library flagged by this tag has been formally marked as
> N:   deprecated.
> N:   
> N:   Please prepare for this deprecation and migrate away from this Python
> N:   library.
> N:   
> N:   See-Also: https://peps.python.org/pep-0594/#deprecated-modules
> N: 
> N:   Visibility: info
> N:   Show-Always: no
> N:   Check: languages/python/stdlib-deprecation
> N: 
> N:
> P: python3-berkeleydb source: source-contains-prebuilt-javascript-object
> [docs/html/searchindex.js]
> N: 
> N:   The source tarball contains a prebuilt (minified) JavaScript object. They
> N:   are usually left by mistake when generating the tarball by not cleaning
> N:   the source directory first. You may want to report this as an upstream
> N:   bug, in case there is no sign that this was intended.
> N: 
> N:   Visibility: pedantic
> N:   Show-Always: no
> N:   Check: files/source-missing
> N: 
> N:
> P: python3-berkeleydb source: source-contains-prebuilt-sphinx-documentation
> [docs/html/]
> N: 
> N:   The source tarball contains prebuilt Sphinx documentation. This is
> usually
> N:   left by mistake when generating the tarball without first cleaning the
> N:   source directory. You may want to report this as an upstream bug if there
> N:   is no sign that this was intended.
> N:   
> N:   It is preferable to rebuild documentation directly from source.
> N: 
> N:   Visibility: pedantic
> N:   Show-Always: no
> N:   Check: cruft
> N: 
> N:
> N: masked by screen python/egg/metadata
> M: python3-berkeleydb: package-contains-documentation-outside-usr-share-doc
> [usr/lib/python3/dist-packages/berkeleydb-18.1.14.egg-
> info/dependency_links.txt]
> N: 
> N:   This package ships a documentation file outside /usr/share/doc
> N:   Documentation files are normally installed inside /usr/share/doc.
> N:   
> N:   If this file doesn't describe the contents or purpose of the directory it
> N:   is in, please consider moving this file to /usr/share/doc/ or maybe even
> N:   removing it. If this file does describe the contents or purpose of the
> N:   directory it is in, please add a lintian override.
> N: 
> N:   Visibility: info
> N:   Show-Always: no
> N:   Check: documentation
> N: 
> N:   Screen: python/egg/metadata
> N:     Advocates: "Scott Kitterman" <debian@kitterman.com>
> N:     Reason: The folders XXX.dist-info/ and XXX.egg-info/ hold metadata for
> N:             Python modules. Those files are not documentation even though
> N:             some of their names carry the .txt file extension.
> N:             
> N:             Python modules can be both public and private.
> N:             
> N:             Read more in
> N:            
> https://www.python.org/dev/peps/pep-0427/#the-dist-info-directory,
> N:             https://www.python.org/dev/peps/pep-0376/#id16,
> N:             https://www.python.org/dev/peps/pep-0610/,
> N:             https://www.python.org/dev/peps/pep-0639/,
> N:            
> https://setuptools.pypa.io/en/latest/deprecated/python_eggs.html,
> N:             and Bug#1003913.
> N: 
> N:
> N: masked by screen python/egg/metadata
> M: python3-berkeleydb: package-contains-documentation-outside-usr-share-doc
> [usr/lib/python3/dist-packages/berkeleydb-18.1.14.egg-info/top_level.txt]
> 
> E: Lintian run failed (policy violation)
> 
> Summary
> =======
> 
> Test 4.
> 
> Could you investigate issues raised.
> 
> Additional
> ==========
> 
> * Please retitle from ITP to RFS.
> 

Could you also consider removing the 'patches' folder with the 'series' file.
These are not required unless there are patches present and in use.

-- 

Regards

Phil

Donate: https://buymeacoffee.com/kathenasorg

--

"I play the game for the game’s own sake"

Arthur Conan Doyle - The Adventure of the Bruce-Partington Plans

--

Internet Relay Chat (IRC): kathenas

Website: https://kathenas.org

Instagram: https://instagram.com/kathenasorg

Threads: https://www.threads.net/@kathenasorg

--




Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: