package file severity 481247 serious thanks Hi Daniel,
I have found another example of a shared library, this one in my unofficial Geant4 packages, that is affected by bug #481247 in "file". See: http://people.debian.org/~kmccarty/libG4detector-4.9.so.5 > wisteria (sid)[1]:~% file libG4detector-4.9.so.5 > libG4detector-4.9.so.5: Linux/i386 core file, dynamically linked, not stripped Given that I've now found two independent examples in only two source packages that I'm working on, this bug no longer seems to be an unlikely one-time occurrence, and may very well have already affected software in the official Debian archive. (Fortunately I have not found any examples in my own /lib or /usr/lib directories, but that is far from a complete sample of the archive.) Mis-detecting a shared library as a core file causes at least the following problems that are in violation of Policy: * dh_strip ignores the shared library in question, causing it to be unstripped in the .deb. * dh_shlibdeps ignores the shared library in question, causing its ${shlibs:Depends} package dependencies to never be substituted into the .deb's control information. Also, Lintian produces spurious errors, for instance: libroot-ruby5.18: pkg-has-shlibs-control-file-but-no-actual-shared-libs libgeant4-4.9-5: unused-shlib-entry-in-control-file libG4detector-4.9 5 instead of the real errors (no dependency info, unstripped binaries) that it *should* be finding. Because the bug can cause Policy violations in packages unrelated to "file", and it is in addition blocking me from uploading the root-system package that I am sponsoring, I am raising the severity to serious. best regards, -- Kevin B. McCarty <[EMAIL PROTECTED]> WWW: http://www.starplot.org/ WWW: http://people.debian.org/~kmccarty/ GPG: public key ID 4F83C751
signature.asc
Description: OpenPGP digital signature
