HI Benjamin, On Fri, Feb 05, 2021 at 07:26:32PM -0800, Benjamin Redelings wrote: > I'm getting ready to upload changes for bali-phy version 3.6.0 to the repo > on salsa.
Thanks for working on this upgrade. Please always push your changes to salsa. You can not do any harm since the package is not automatically uploaded but always checked before by a Debian Developer. > Building the new version was pretty smooth, but I got some > lintian "I" tags in testing that I don't remember seeing before. Here's the > lintian output from pbuilder > > +++ lintian output +++ > su: warning: cannot change directory to /nonexistent: No such file or > directory > I: bali-phy: hardening-no-fortify-functions usr/bin/alignment-cat > I: bali-phy: hardening-no-fortify-functions usr/bin/alignment-chop-internal > I: bali-phy: hardening-no-fortify-functions usr/bin/alignment-consensus > I: bali-phy: hardening-no-fortify-functions ... use --no-tag-display-limit > to see all (or pipe to a file/program) I admit I have other packages where I'm unable to solve this kind of issues. Sometimes this are false positives. Since we are really close to the freeze lets ignore these right now. > I: bali-phy: package-contains-documentation-outside-usr-share-doc > usr/lib/bali-phy/help/alphabets.txt > I: bali-phy: package-contains-documentation-outside-usr-share-doc > usr/lib/bali-phy/help/alphabets/Codons.txt > I: bali-phy: package-contains-documentation-outside-usr-share-doc > usr/lib/bali-phy/help/alphabets/Doublets.txt > I: bali-phy: package-contains-documentation-outside-usr-share-doc ... use > --no-tag-display-limit to see all (or pipe to a file/program) If you think the documentation resides where the code / users are expecting it to be that's fine. If you want to get rid of this lintian issue simply override it. > I: bali-phy: package-contains-empty-directory > usr/share/doc/bali-phy/examples/models/regresssion/ Well, is this really intended to have an empty directory here? WHat is the purpose? > I: bali-phy: unused-override spelling-error-in-binary usr/bin/statreport AfE > Safe > +++ end of lintian output +++ Simply delete the override in the packaging. > 1. The package-contains-documentation-outside-usr-share-doc are all wrong -- > these files are not documentation. So an override featuring this statement as a comment would make sense. > 2. I'm curious about the `hardening-no-fortify-functions` tags. It seems > that the -D_FORTIFY_SOURCE=2 is indeed getting passed to the compiler, but > it looks like all the executables are still getting flagged as unfortified > anyway. Is there a way to look into this further? Feel free to discuss this on [email protected]. I personally would not mind. Thanks again for your cooperation to package bali-phy Andreas. -- http://fam-tille.de
