Hi Russ, On Tue, Mar 06, 2012 at 10:08:31AM -0800, Russ Allbery wrote: > Kees Cook <k...@debian.org> writes: > > > This was the big problem. I spent a lot of time trying to see how bad it > > would be to fix every build in the testsuite to DTRT with respect to > > dpkg-buildflags, but it was a losing battle. Or, at least, a tedious > > battle. Ultimately I decided it was better to just have the hardening > > checker disable itself in the face of the other tests. > > > I'm open to ideas for this part, but a lot of the test builds don't pass > > all the needed flags, or hard code flags, etc etc. Changing the compat > > level worked for many of the failures, but not all and left about 30 > > that still needed to be changed by hand. If it's important to do this > > strictly correct, I can, it'll just take me a while. > > The general intent of the Lintian test suite is that the packages it > produces should be Lintian-clean except for the tags that the package is > specifically testing (or others that are unavoidable for some reason). So > when new requirements for Debian packages are added, as a general rule of > thumb we want to update the test suite so that it meets those requirements > except for those tests that are testing Lintian's tags for those > requirements. > > So, this is work that does need to be done eventually, I think. That > doesn't mean it has to be a blocker for getting the tag into Lintian, > though.
Okay. In that case, I think the work needs to be broken into several pieces: - make lintian work for wheezy (but disable internal tests for hardening) - build internal hardening test for all archs (hook to generate tags file) - fix other lintian internal tests to work with hardening check - backport hardening check to work on squeeze -Kees -- Kees Cook @debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
