On Wed, 2010-11-10 at 22:42 +0100, Jonas Smedegaard wrote:
> On Wed, Nov 10, 2010 at 02:01:13PM -0300, Felipe Sateler wrote:
> >On Wed, Nov 10, 2010 at 03:00, Hans-Christoph Steiner <h...@at.or.at> wrote:
> >> pd-list-abs is almost done, just waiting on final sign-off from the 
> >> upstream author.  I guess all new packages with interdependencies 
> >> need to be uploaded all together?
> >
> >Ehm, interdependencies (aka circular dependencies) are not allowed. If 
> >pd-list-abs needs pd-purepd and purepd needs list-abs, you will need to 
> >break the circular dependency somehow (by splitting binary packages, 
> >probably).
> 
> True.
> 
> 
> >But on the more general issue, one cannot upload packages that depend 
> >on packages not in debian.
> 
> Not true: I am pretty sure that I at some point succesfully uploaded a 
> bunch of Sugar packages built from multiple sources and interdepending.
> 
> Tricky part is to setup the build environment properly ;-)
> 
> 
> >>> The lintian override in this case is not worth working around IMO 
> >>> (the image-file-in-usr-lib one). Just override it. Also, in the long 
> >>> description please elaborate on the objects contained in the 
> >>> package.
> >>
> >> Ok, noted for future packages.  I figured there might be some 
> >> security issue with images in /usr/lib since JPEGs have been known to 
> >> be exploitable.
> >
> >But how would installing them into usr/share will make them 
> >unexploitable? Anyways, what is exploitable is a given jpeg viewer, not 
> >he file format itself.
> >Finally, I meant that you should drop it from this package too, not 
> >only future ones.
> 
> The issue, I believe, is not one of exploitable JPEG code but instead of 
> FHS defining /usr/lib as an area for arch-dependent files.  Perhaps put 
> the files below /usr/share and symlink them to /usr/lib?
> 
> NB! I think you can simplify to declare only a single line in the 
> lintian override file (stripping the varying parts).
> 
> Oh, and if not done already, since it is examples they should probably 
> be symlinked to /usr/share/doc/<package>/examples/

That's the way it was, but Felipe objected, so I removed it.  I don't
have an strong opinion either way, but it would be nice to have a
consistent approach.

.hc


> 
> 
> 
> >>> I've been thinking: all packages need to do the same fiddling with 
> >>> the license and the shlibdeps thingy. Would it be possible to 
> >>> abstract this in a makefile snippet? Hopefully one that is not tied 
> >>> to short form dh.
> >>
> >> That would be possible, but perhaps a patch to dh_shlibdeps would be 
> >> the way to do it properly?
> >
> >I'm not quite sure. What do others think?
> 
> Sounds best to me to fix it in dh_shlibdeps if possible.
> 
> 
>   - Jonas
> 
> _______________________________________________
> pkg-multimedia-maintainers mailing list
> pkg-multimedia-maintainers@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers



_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers

Reply via email to