On Wed, 2010-11-10 at 22:42 +0100, Jonas Smedegaard wrote:
> On Wed, Nov 10, 2010 at 02:01:13PM -0300, Felipe Sateler wrote:
> >On Wed, Nov 10, 2010 at 03:00, Hans-Christoph Steiner <h...@at.or.at> wrote:
> >> pd-list-abs is almost done, just waiting on final sign-off from the
> >> upstream author. I guess all new packages with interdependencies
> >> need to be uploaded all together?
> >Ehm, interdependencies (aka circular dependencies) are not allowed. If
> >pd-list-abs needs pd-purepd and purepd needs list-abs, you will need to
> >break the circular dependency somehow (by splitting binary packages,
> >But on the more general issue, one cannot upload packages that depend
> >on packages not in debian.
> Not true: I am pretty sure that I at some point succesfully uploaded a
> bunch of Sugar packages built from multiple sources and interdepending.
> Tricky part is to setup the build environment properly ;-)
> >>> The lintian override in this case is not worth working around IMO
> >>> (the image-file-in-usr-lib one). Just override it. Also, in the long
> >>> description please elaborate on the objects contained in the
> >>> package.
> >> Ok, noted for future packages. I figured there might be some
> >> security issue with images in /usr/lib since JPEGs have been known to
> >> be exploitable.
> >But how would installing them into usr/share will make them
> >unexploitable? Anyways, what is exploitable is a given jpeg viewer, not
> >he file format itself.
> >Finally, I meant that you should drop it from this package too, not
> >only future ones.
> The issue, I believe, is not one of exploitable JPEG code but instead of
> FHS defining /usr/lib as an area for arch-dependent files. Perhaps put
> the files below /usr/share and symlink them to /usr/lib?
> NB! I think you can simplify to declare only a single line in the
> lintian override file (stripping the varying parts).
> Oh, and if not done already, since it is examples they should probably
> be symlinked to /usr/share/doc/<package>/examples/
That's the way it was, but Felipe objected, so I removed it. I don't
have an strong opinion either way, but it would be nice to have a
> >>> I've been thinking: all packages need to do the same fiddling with
> >>> the license and the shlibdeps thingy. Would it be possible to
> >>> abstract this in a makefile snippet? Hopefully one that is not tied
> >>> to short form dh.
> >> That would be possible, but perhaps a patch to dh_shlibdeps would be
> >> the way to do it properly?
> >I'm not quite sure. What do others think?
> Sounds best to me to fix it in dh_shlibdeps if possible.
> - Jonas
> pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers mailing list