Russ Allbery wrote:
> Raphael Geissert writes:
>> Russ Allbery wrote:
>
>>> You have to run strings -a if you're going to implement that, at which
>>> point I think chances are pretty high that you're going to get false
>>> positives from the spell checking part.
>
>> Not true; I've already tried without -a and successfully matched the zlib
>> version string.
>
> Hm, you hadn't mentioned that you were going to take that approach, and
> that isn't the approach laid out in that bug report.
Actually it is:
> It should scan .deb files for ELF
> object files which match one of the following Perl regexps:
>
> /inflate ([0-9][ 0-9a-zA-Z.\-]{1,100}[0-9a-zA-Z.\-])/
> /deflate ([0-9][ 0-9a-zA-Z.\-]{1,100}[0-9a-zA-Z.\-])/
$ strings /usr/bin/rsync | egrep 'inflate ([0-9][ 0-9a-zA-Z.\-]{1,100
[0-9a-zA-Z.\-])'
inflate 1.2.3 Copyright 1995-2005 Mark Adler
> The concern I have
> there is false negatives on embedded versions of zlib that don't happen to
> include the static version string. It seems like a fairly natural thing
> to get rid of, and slightly modified versions of zlib are a common
> problem. What specific string are you looking for?
>
> We could try using both methods against the entire archive and make sure
> they find the same thing.
>
>> I checked many packages and didn't find any false positive. In any case,
>> it could be implemented as an experimental check.
>
> I'm okay with implementing it as an experimental check *if* we don't need
> to use strings -a, but I'm not convinced that's the case.
>
Demo above. And diff of the output of strings and strings -a
on /usr/bin/rsync:
2030a2031,2117
> GCC: (Debian 4.3.0-5) 4.3.1 20080523 (prerelease)
> GCC: (Debian 4.3.0-5) 4.3.1 20080523 (prerelease)
> GCC: (Debian 4.3.1-7) 4.3.1
> GCC: (Debian 4.3.1-7) 4.3.1
[...]
> GCC: (Debian 4.3.1-7) 4.3.1
> GCC: (Debian 4.3.0-5) 4.3.1 20080523 (prerelease)
> GCC: (Debian 4.3.1-7) 4.3.1
> GCC: (Debian 4.3.0-5) 4.3.1 20080523 (prerelease)
> .shstrtab
> .interp
> .note.ABI-tag
> .gnu.hash
> .dynsym
> .dynstr
> .gnu.version
> .gnu.version_r
> .rel.dyn
> .rel.plt
> .init
> .text
> .fini
> .rodata
> .eh_frame_hdr
> .eh_frame
> .ctors
> .dtors
> .jcr
> .dynamic
> .got
> .got.plt
> .data
> .bss
> .comment
IOW: nothing useful is obtained from -a.
> (Basically, I just don't think this check is particularly important. It
> has some minor benefits, but I think it's much less important than
> accurately detecting embedded copies of zlib.)
>
>> By the way, pusling mentioned on IRC that we should take care of telling
>> the maintainer how to correctly fix the mistakes without fuzzing the
>> translations. For this all is needed is fix the mistakes in the msgid's
>> of the .po files as well.
>
> I don't believe anything that Lintian currently spell-checks is
> translated.
He was talking about the new check for spell checking binaries.
> I don't remember off-hand why we don't spell-check debconf
> templates. I have some vague memory that it was for a specific reason,
> not just because no one had thought of it, but I don't recall the reason.
>
No idea.
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
