On 12.03.2017 21:43 +0200, Lukas Schwaighofer wrote:
Hi,
Hello,
On Fri, 10 Mar 2017 21:02:04 +0100
Mateusz Łukasik <mat...@linuxmint.pl> wrote:
Package needs more attention. NMU is correct, a few things should
be change at first better is change revision to 2.2, +nmu is good
but is prefer to native packages.
Second package have a few lintian warning easy to fix:
W: gmrun source: package-uses-deprecated-debhelper-compat-version 7
W: gmrun source: ancient-standards-version 3.8.4 (current is 3.9.8)
I: gmrun: hardening-no-bindnow usr/bin/gmrun
I would fix all lintian warnings and upload tomorrow NMU with
DELAYED/3.
Since there was no update yet I've created a new package and uploaded
it to mentors:
https://mentors.debian.net/debian/pool/main/g/gmrun/gmrun_0.9.2-2.2.dsc
I had misunderstood Mateusz (I thought he has upload rights) and did
not notice he had also uploaded gmrun to mentors with the same version
(so I have now overwritten what Mateusz uploaded, sorry for that).
I upload it only to check something. I can remove my version if it is
needed.
Try to find sponsor in normal way (RFS bug). I don't have much time at
week, sorry for that.
I've left the standards version and the debhelper compat level
untouched as Andreas suggested. However, I've enabled the hardening
options (although what the wiki [1] provided for hardening with
older debhelper compat versions did not work, as the output from
dpkg-buildflags --export=configure
are environment variables; I used the `env` binary instead to pass
those to dh_auto_configure). I've confirmed that the resulting
binary now has both PIE and BIND_NOW enabled (and still works properly).
I'm not sure if enabling BIND_NOW in addition to PIE is considered a
trivial enough change, or if we should stick to only fixing the bug so
it can get unblocked by the release team.
I think now package should stay untouched only RC bug need be fixed.
After that I suggest making package orphaned and upload as QA to
experimental with more fixes.
Thanks
Lukas Schwaighofer
[1] https://wiki.debian.org/HardeningWalkthrough
--
.''`. Mateusz Łukasik
: :' : http://mati75.eu
`. `' Debian Member - mat...@linuxmint.pl
`- GPG: D93B 0C12 C8D0 4D7A AFBC FA27 CCD9 1D61 11A0 6851
