On 14/11/2018 at 10:11, Jérôme Lebleu wrote: > I have attached lintian output of the last build I have done (commit > 63597339), if it can help regarding the time you have.
Sorry, here is the attached file...
N: Using profile debian/main. N: Setting up lab in /tmp/temp-lintian-lab-lo5kzYMntK ... N: Starting on group qlcplus/4.12.0-1 N: Unpacking packages in group qlcplus/4.12.0-1 N: ---- N: Processing changes file qlcplus (version 4.12.0-1, arch all amd64) ... N: ---- N: Processing source package qlcplus (version 4.12.0-1, arch source) ... I: qlcplus source: out-of-date-standards-version 4.1.5 (released 2018-07-04) (current is 4.2.1) N: N: The source package refers to a Standards-Version older than the one that N: was current at the time the package was created (according to the N: timestamp of the latest debian/changelog entry). Please consider N: updating the package to current Policy and setting this control field N: appropriately. N: N: If the package is already compliant with the current standards, you N: don't have to re-upload the package just to adjust the Standards-Version N: control field. However, please remember to update this field next time N: you upload the package. N: N: See /usr/share/doc/debian-policy/upgrading-checklist.txt.gz in the N: debian-policy package for a summary of changes in newer versions of N: Policy. N: N: Refer to N: https://www.debian.org/doc/packaging-manuals/upgrading-checklist.txt for N: details. N: N: Severity: wishlist, Certainty: certain N: N: Check: standards-version, Type: source N: I: qlcplus source: testsuite-autopkgtest-missing N: N: This package does not declare a test suite. N: N: Having a test suite aids with automated quality assurance of the archive N: outside of your package. For example, if your package has a test suite N: it is possible to re-run that test suite when any of your package's N: dependencies have a new version and check whether that update causes N: problems for your package. N: N: In addition, since May 2018 such tests now influence migration from N: unstable to testing: N: N: https://lists.debian.org/debian-devel-announce/2018/05/msg00001.html N: N: Please add a debian/tests/control file to your package to declare a N: testsuite, but please make sure to only add autopkgtests if they provide N: meaningful coverage of your package. N: N: Refer to https://ci.debian.net/doc/ for details. N: N: Severity: wishlist, Certainty: certain N: N: Check: testsuite, Type: source N: P: qlcplus source: debian-watch-does-not-check-gpg-signature N: N: This watch file does not include a means to verify the upstream tarball N: using cryptographic signature. N: N: If upstream distributions provide such signatures, please use the N: pgpsigurlmangle options in this watch file's opts= to generate the URL N: of an upstream GPG signature. This signature is automatically downloaded N: and verified against a keyring stored in N: debian/upstream/signing-key.asc. N: N: Of course, not all upstreams provide such signatures, but you could N: request them as a way of verifying that no third party has modified the N: code against their wishes after the release. Projects such as N: phpmyadmin, unrealircd, and proftpd have suffered from this kind of N: attack. N: N: Refer to the uscan(1) manual page for details. N: N: Severity: pedantic, Certainty: certain N: N: Check: watch-file, Type: source N: N: ---- N: Processing binary package qlcplus-common (version 4.12.0-1, arch all) ... N: ---- N: Processing binary package qlcplus-dbgsym (version 4.12.0-1, arch amd64) ... N: ---- N: Processing binary package qlcplus (version 4.12.0-1, arch amd64) ... I: qlcplus: hardening-no-fortify-functions usr/lib/x86_64-linux-gnu/qt5/plugins/qlcplus/libmidiplugin.so N: N: This package provides an ELF binary that lacks the use of fortified libc N: functions. Either there are no potentially unfortified functions called N: by any routines, all unfortified calls have already been fully validated N: at compile-time, or the package was not built with the default Debian N: compiler flags defined by dpkg-buildflags. If built using N: dpkg-buildflags directly, be sure to import CPPFLAGS. N: N: NB: Due to false-positives, Lintian ignores some unprotected functions N: (e.g. memcpy). N: N: Refer to https://wiki.debian.org/Hardening and N: https://bugs.debian.org/673112 for details. N: N: Severity: normal, Certainty: wild-guess N: N: Check: binaries, Type: binary, udeb N: W: qlcplus: package-name-doesnt-match-sonames libqlcplusengine1 libqlcplusui1 libqlcpluswebaccess1 N: N: The package name of a library package should usually reflect the soname N: of the included library. The package name can determined from the N: library file name with the following code snippet: N: N: $ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/^[[:space:]]*SONAME[[:space:]]*//p' | \ N: sed -r -e's/([0-9])\.so\./\1-/; s/\.so(\.|$)//; y/_/-/; s/(.*)/\L&/' N: N: Severity: normal, Certainty: possible N: N: Check: binaries, Type: binary, udeb N: I: qlcplus: desktop-entry-lacks-keywords-entry usr/share/applications/qlcplus-fixtureeditor.desktop N: N: This .desktop file does either not contain a "Keywords" entry or it does N: not contain any keywords not already present in the "Name" or N: "GenericName" entries. N: N: .desktop files are organized in key/value pairs (similar to .ini files). N: "Keywords" is the name of the entry/key in the .desktop file containing N: keywords relevant for this .desktop file. N: N: The desktop-file-validate tool in the desktop-file-utils package is N: useful for checking the syntax of desktop entries. N: N: Refer to N: https://specifications.freedesktop.org/desktop-entry-spec/latest/ar01s06.html, N: https://bugs.debian.org/693918, and N: https://wiki.gnome.org/Initiatives/GnomeGoals/DesktopFileKeywords for N: details. N: N: Severity: wishlist, Certainty: certain N: N: Check: menu-format, Type: binary N: I: qlcplus: desktop-entry-lacks-keywords-entry usr/share/applications/qlcplus.desktop W: qlcplus: non-dev-pkg-with-shlib-symlink usr/lib/x86_64-linux-gnu/libqlcplusengine.so.1.0.0 usr/lib/x86_64-linux-gnu/libqlcplusengine.so N: N: Although this package is not a "-dev" package, it installs a N: "libsomething.so" symbolic link referencing the corresponding shared N: library. When the link doesn't include the version number, it is used by N: the linker when other programs are built against this shared library. N: N: Shared libraries are supposed to place such symbolic links in their N: respective "-dev" packages, so it is a bug to include it with the main N: library package. N: N: However, if this is a small package which includes the runtime and the N: development libraries, this is not a bug. In the latter case, please N: override this warning. N: N: Refer to Debian Policy Manual section 8.4 (Development files) for N: details. N: N: Severity: normal, Certainty: possible N: N: Check: shared-libs, Type: binary, udeb N: W: qlcplus: non-dev-pkg-with-shlib-symlink usr/lib/x86_64-linux-gnu/libqlcpluswebaccess.so.1.0.0 usr/lib/x86_64-linux-gnu/libqlcpluswebaccess.so W: qlcplus: non-dev-pkg-with-shlib-symlink usr/lib/x86_64-linux-gnu/libqlcplusui.so.1.0.0 usr/lib/x86_64-linux-gnu/libqlcplusui.so I: qlcplus: no-symbols-control-file usr/lib/x86_64-linux-gnu/libqlcplusengine.so.1.0.0 N: N: Although the package includes a shared library, the package does not N: have a symbols control file. N: N: dpkg can use symbols files in order to generate more accurate library N: dependencies for applications, based on the symbols from the library N: that are actually used by the application. N: N: Refer to the dpkg-gensymbols(1) manual page and N: https://wiki.debian.org/UsingSymbolsFiles for details. N: N: Severity: wishlist, Certainty: certain N: N: Check: shared-libs, Type: binary, udeb N: I: qlcplus: no-symbols-control-file usr/lib/x86_64-linux-gnu/libqlcpluswebaccess.so.1.0.0 I: qlcplus: no-symbols-control-file usr/lib/x86_64-linux-gnu/libqlcplusui.so.1.0.0 N: Finished processing group qlcplus/4.12.0-1 N: 2 tags overridden (2 errors) I: Lintian run was successful.
signature.asc
Description: OpenPGP digital signature
