My 1.83 RUB: lintian is one of those things that are very important and useful when you know how to use them, which quirks to apply and which parts to ignore, and without that knowledge are maybe useful, maybe useless, maybe harmful, and nobody will tell you that knowledge unless you ask directly. It's also a mandatory part of the infra and workflows, yet it's mostly unmaintained, somewhat bitrotten and in part a victim of unfortunate decisions of previous maintainers. This is a very weird and paradoxical state which also in a large part relects the state of Debian as a whole (luckily, only in a part, not completely).
Random examples: - The most paradoxical thing is the recently "discovered" combination of "old lintian falsely reports a problem in certain packages", "lintian runs as a part of the package acceptance process and some problems are autorejects", "people are supposed to run lintian from sid for packages in sid", "specifically *old* lintian runs as a part of the package acceptance process" and "that lintian can't be upgraded because new one is too slow". - To get full lintian output you need to run it against binary .changes, not against a .deb, a .dsc or a source .changes. And you should run it with a bunch of args enabling lower-severity tags, because some of those are useful. Newer people don't know that even if they know about lintian. Those that don't know will see lintian output when they upload their package to mentors, and which subset they will see depends on which .changes they upload. - lintian tags have descriptions (it's still unclear to me how obvious is that). The most straightforward ways to read them are googling them if you run lintian locally and clicking links if you look at e.g. mentors. But lintian.debian.org is dead. There are also lintian -i and lintian-explain-tags but it's unclear how to learn about them, at least without reading all of lintian(1). - It's impossible to know beforehand which tags you need to address now, which you should address now or some time in the future, which are irrelevant and which must not be followed because they are wrong (in general or are false positives). Severity is also often not correlated with this. My go-to advice for sponsored uploads is "fix whatever your sponsor asks you to fix" and I won't publish my advice for direct uploads which I follow myself. As a bottom line, it's clearly not good enough for the role it currently plays and is becoming worse instead of becoming better, but we don't have a replacement and it needs a lot of man-hours to go back on track. -- WBR, wRAR
signature.asc
Description: PGP signature
