Control: owner -1 ! Control: tags -1 +moreinfo
Hi Thomas, required fixes for uploads: - d/changelog: The entries for not released Debian versions should be deleted (preferred) or marked as UNRELEASED. You also can concentrate all entries not part of a prior (Debian) release into the most recent entry. - d/copyright: The license short tag should be GPL-3+ not GPL-3 (note the "+") - d/control: Is colorgcc really needed as B-D? Here it builds without... - d/control: Standard-Version is not latest. - d/compat: Please migrate to compat level 10 -- then also autoreconf and stuff will be run automatically. - d/control: your homepage is down. - d/rules: the override for dh_installchangelogs is not needed. nitpicks, not required for upload - As far as I can see debian/netperfmon.(install|manpages) is not needed, picked up automatically. For the check-all-the-thing I recommend to install this package and run it yourself. I only quoted a bit of it. Use e.g check-all-the-things --checks-output-lines 256 Check-All-The-Things: (nitpick section, but please implement as much as you think makes sense) - several versioned B-Ds are already fulfilled in oldstable, can be dropped: Warning in 'control source Build-Depends:3' value 'dpkg-dev (>= 1.16.1~)': unnecessary versioned dependency: dpkg-dev (>= 1.16.1~). Debian has oldstable -> 1.16.18; stable-kfreebsd -> 1.17.25; stable -> 1.17.27; testing -> 1.18.15; Warning in 'control source Build-Depends:4' value 'libbz2-dev (>= 1.0)': unnecessary versioned dependency: libbz2-dev (>= 1.0). Debian has oldstable -> 1.0.6-4; stable -> 1.0.6-7+b3; unstable -> 1.0.6-8; unstable -> 1.0.6-8+b1; Warning in 'control source Build-Depends:6' value 'libglib2.0-dev (>= 2.0.0)': unnecessary versioned dependency: libglib2.0-dev (>= 2.0.0). Debian has oldstable -> 2.33.12+really2.32.4-5; stable-kfreebsd -> 2.42.1-1; stable -> 2.42.1-1+b1; jessie-backports -> 2.48.0-1~bpo8+1; testing -> 2.50.2-2; experimental -> 2.51.0-2; Warning in 'control source Build-Depends:7' value 'libsctp-dev (>= 1.0.5)': unnecessary versioned dependency: libsctp-dev (>= 1.0.5). Debian has oldstable -> 1.0.11+dfsg-2; stable -> 1.0.16+dfsg-2; unstable -> 1.0.17+dfsg-1; Warning in 'control binary:netperfmeter Recommends:2' value 'subnetcalc (>= 2.0.2)': unnecessary versioned dependency: subnetcalc (>= 2.0.2). Debian has stable-kfreebsd -> 2.1.3-1; testing -> 2.1.3-1+b1; -- your homepage is down: E: debian/control: Homepage: http://www.iem.uni-due.de/~dreibh/netperfm eter/: ERROR (Certainty:certain) Curl:28 HTTP:0 Timeout was reached Connection timed out after 60001 milliseconds E: debian/copyright:4: URL: http://www.iem.uni-due.de/~dreibh/netperfme ter/: ERROR (Certainty:possible) Curl:28 HTTP:0 Timeout was reached Connection timed out after 60000 milliseconds -- flawfinder (could be false positive) $ flawfinder -Q -c . Flawfinder version 1.31, (C) 2001-2014 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 169 ./src/outputfile.cc:153: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. bool OutputFile::printf(const char* str, ...) ./src/outputfile.cc:160: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE- 134). Use a constant for the format specification. (clipped, more hints exists) include-what-you-use: ======================== src/outputfile.h should remove these lines: - #include <iostream> // lines 28-28 =============================== # As per RFC 6068, there should be no slashes after "mailto:";. $ grep -rF mailto:/ . ./src/createsummary.1:mailto://dre...@iem.uni-due.de ./src/netperfmeter.1:mailto://dre...@iem.uni-due.de ./src/combinesummaries.1:mailto://dre...@iem.uni-due.de ./src/pdfmetadata.1:mailto://dre...@iem.uni-due.de ./src/plot-netperfmeter-results.1:mailto://dre...@iem.uni-due.de ./src/extractvectors.1:mailto://dre...@iem.uni-due.de ./src/runtimeestimator.1:mailto://dre...@iem.uni-due.de ./src/pdfembedfonts.1:mailto://dre...@iem.uni-due.de ======================= Typos: ./ChangeLog:5727: priviledges ==> privileges ./src/netperfmeter.cc:528: successfull ==> successful ================= deheader ./src/flow.cc has more than one inclusion of <set> deheader: ./src/tools.cc has more than one inclusion of <stdio.h> deheader: in ./src/combinesummaries.cc, =\s*false portability requires <stdbool.h>. deheader: remove <fstream> from ./src/combinesummaries.cc deheader: remove <iostream> from ./src/combinesummaries.cc deheader: remove <unistd.h> from ./src/combinesummaries.cc deheader: in ./src/control.cc, fopen() portability requires <stdio.h>. deheader: in ./src/control.cc, =\s*false portability requires <stdbool.h>. deheader: in ./src/control.cc, ntohs() portability requires <arpa/inet.h>. deheader: in ./src/control.cc, exit() portability requires <stdlib.h>. deheader: remove <iostream> from ./src/control.cc deheader: remove <poll.h> from ./src/control.cc deheader: remove "tools.h" from ./src/control.cc deheader: remove <sys/sysctl.h> from ./src/cpustatus.cc deheader: remove <sys/types.h> from ./src/cpustatus.cc deheader: remove <errno.h> from ./src/cpustatus.cc deheader: in ./src/createsummary.cc, free() portability requires <stdlib.h>. deheader: in ./src/createsummary.cc, fprintf() portability requires <stdio.h>. deheader: in ./src/createsummary.cc, index() portability requires <strings.h>. deheader: in ./src/createsummary.cc, =\s*true portability requires <stdbool.h>. deheader: in ./src/createsummary.cc, isdigit() portability requires <ctype.h>. deheader: remove <string> from ./src/createsummary.cc deheader: remove <iostream> from ./src/createsummary.cc deheader: in ./src/defragmenter.cc, ntohl() portability requires <arpa/inet.h>. deheader: in ./src/defragmenter.cc, =\s*false portability requires <stdbool.h>. deheader: remove <map> from ./src/defragmenter.cc deheader: remove <stdlib.h> from ./src/defragmenter.cc deheader: in ./src/extractvectors.cc, =\s*false portability requires <stdbool.h>. deheader: remove <string> from ./src/extractvectors.cc deheader: remove <fstream> from ./src/extractvectors.cc deheader: remove <iostream> from ./src/extractvectors.cc (and more, output clipped) Signing GPG Key =============== Your key is too weak -- please consider to transit to something stronger. See also: https://keyring.debian.org/creating-key.html https://riseup.net/en/security/message-security/openpgp/best-practices# use-a-strong-primary-key find -type f -iname '*.asc' -exec cat {} + | hot dearmor | hokey lint hot (hopenpgp-tools) 0.19.4 Copyright (C) 2012-2016 Clint Adams hot comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. hokey (hopenpgp-tools) 0.19.4 Copyright (C) 2012-2016 Clint Adams hokey comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. Key has potential validity: good Key has fingerprint: 7266 D8CD A688 C4D5 1F36 2A62 DF60 5BB0 760F 2D65 Checking to see if key is OpenPGPv4: V4 Checking to see if key is RSA or DSA (>= 2048-bit): DSA 1024 Checking user-ID- and user-attribute-related items: Thomas Dreibholz <dre...@iem.uni-due.de>: Self-sig hash algorithms: [SHA-1] Preferred hash algorithms: [SHA-1, RIPEMD-160] Key expiration times: [] Key usage flags: [[sign-data, certify-keys]] Thomas Dreibholz <dre...@exp-math.uni-essen.de>: Self-sig hash algorithms: [SHA-1] Preferred hash algorithms: [RIPEMD-160, SHA-1] Key expiration times: [] Key usage flags: [] Thomas Dreibholz <dre...@simula.no>: Self-sig hash algorithms: [SHA-1] Preferred hash algorithms: [SHA-256, SHA-1, SHA-384, SHA-512, SHA- 224] Key expiration times: [] Key usage flags: [[sign-data, certify-keys]] <uat:[jpeg:17616:c0af10648640]>: Self-sig hash algorithms: [SHA-1] Preferred hash algorithms: [SHA-1, SHA-256, RIPEMD-160] Key expiration times: [] Key usage flags: [[sign-data, certify-keys]] Checking subkeys: one of the subkeys is encryption-capable: False fpr: 7A6A D097 0FF8 E7FB B9C6 E1AD 7DC9 A272 E842 F628 version: v4 timestamp: 20010507-095508 algo/size: Elgamal encrypt-only 2048 binding sig hash algorithms: [SHA-1] usage flags: [] embedded cross-cert: False cross-cert hash algorithms: [SHA-1]
