On Wed, Nov 10, 2010 at 02:01:13PM -0300, Felipe Sateler wrote:
On Wed, Nov 10, 2010 at 03:00, Hans-Christoph Steiner <h...@at.or.at> wrote:
pd-list-abs is almost done, just waiting on final sign-off from the upstream author.  I guess all new packages with interdependencies need to be uploaded all together?

Ehm, interdependencies (aka circular dependencies) are not allowed. If pd-list-abs needs pd-purepd and purepd needs list-abs, you will need to break the circular dependency somehow (by splitting binary packages, probably).


But on the more general issue, one cannot upload packages that depend on packages not in debian.

Not true: I am pretty sure that I at some point succesfully uploaded a bunch of Sugar packages built from multiple sources and interdepending.

Tricky part is to setup the build environment properly ;-)

The lintian override in this case is not worth working around IMO (the image-file-in-usr-lib one). Just override it. Also, in the long description please elaborate on the objects contained in the package.

Ok, noted for future packages.  I figured there might be some security issue with images in /usr/lib since JPEGs have been known to be exploitable.

But how would installing them into usr/share will make them unexploitable? Anyways, what is exploitable is a given jpeg viewer, not he file format itself. Finally, I meant that you should drop it from this package too, not only future ones.

The issue, I believe, is not one of exploitable JPEG code but instead of FHS defining /usr/lib as an area for arch-dependent files. Perhaps put the files below /usr/share and symlink them to /usr/lib?

NB! I think you can simplify to declare only a single line in the lintian override file (stripping the varying parts).

Oh, and if not done already, since it is examples they should probably be symlinked to /usr/share/doc/<package>/examples/

I've been thinking: all packages need to do the same fiddling with the license and the shlibdeps thingy. Would it be possible to abstract this in a makefile snippet? Hopefully one that is not tied to short form dh.

That would be possible, but perhaps a patch to dh_shlibdeps would be the way to do it properly?

I'm not quite sure. What do others think?

Sounds best to me to fix it in dh_shlibdeps if possible.

 - Jonas

 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: Digital signature

pkg-multimedia-maintainers mailing list

Reply via email to