Hi,

On Fri, 10 Mar 2017 21:02:04 +0100
Mateusz Łukasik <mat...@linuxmint.pl> wrote:  
> Package needs more attention. NMU is correct, a few things should
> be changed: at first, better is to change revision to 2.2; +nmu is good
> but is preferred for native packages.
> Second, the package has a few lintian warnings that are easy to fix:
> 
> W: gmrun source: package-uses-deprecated-debhelper-compat-version 7
> W: gmrun source: ancient-standards-version 3.8.4 (current is 3.9.8)
> I: gmrun: hardening-no-bindnow usr/bin/gmrun
> 
> I would fix all lintian warnings and upload the NMU tomorrow with
> DELAYED/3.

Since there was no update yet I've created a new package and uploaded
it to mentors:
https://mentors.debian.net/debian/pool/main/g/gmrun/gmrun_0.9.2-2.2.dsc

I had misunderstood Mateusz (I thought he had upload rights) and did
not notice he had also uploaded gmrun to mentors with the same version
(so I have now overwritten what Mateusz uploaded, sorry for that).


I've left the standards version and the debhelper compat level
untouched as Andreas suggested.  However, I've enabled the hardening
options (although what the wiki [1] provided for hardening with
older debhelper compat versions did not work, as the output from
  dpkg-buildflags --export=configure
is environment variables; I used the `env` binary instead to pass
those to dh_auto_configure). I've confirmed that the resulting
binary now has both PIE and BIND_NOW enabled (and still works properly).

I'm not sure if enabling BIND_NOW in addition to PIE is considered a
trivial enough change, or if we should stick to only fixing the bug so
it can get unblocked by the release team.


Thanks
Lukas Schwaighofer

[1] https://wiki.debian.org/HardeningWalkthrough
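
One way to check a built binary for the two properties confirmed in the message above (PIE and BIND_NOW), as an added example that is not part of the original e-mail or the gmrun packaging. The function names and the sample `readelf` output are constructed for illustration; the check reads `readelf -h -d` output and does not distinguish a PIE executable from a shared library, since both have ELF type DYN.

```shell
#!/bin/sh
# Added example: classify hardening from `readelf -h -d <file>` output on stdin.
# Prints one line: "pie=<yes|no> bindnow=<yes|no>".
hardening_status() {
    awk '
        BEGIN { pie = "no"; now = "no" }
        # ELF header: PIE executables are type DYN, fixed-address ones are EXEC.
        $1 == "Type:" && $2 == "DYN" { pie = "yes" }
        # Dynamic section: immediate binding appears as a DT_BIND_NOW entry,
        # as BIND_NOW in DT_FLAGS, or as NOW in DT_FLAGS_1.
        $2 == "(BIND_NOW)" { now = "yes" }
        $2 == "(FLAGS)"    { for (i = 3; i <= NF; i++) if ($i == "BIND_NOW") now = "yes" }
        $2 == "(FLAGS_1)"  { for (i = 3; i <= NF; i++) if ($i == "NOW") now = "yes" }
        END { printf "pie=%s bindnow=%s\n", pie, now }
    '
}

# Convenience wrapper for a real file, e.g. check_binary usr/bin/gmrun
check_binary() {
    LC_ALL=C readelf -h -d "$1" | hardening_status
}

# Constructed sample readelf output (not taken from the gmrun build).
SAMPLE_HARDENED='  Type:                              DYN (Shared object file)
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE'

# PIE without immediate binding: the case lintian tags hardening-no-bindnow.
SAMPLE_PIE_ONLY='  Type:                              DYN (Shared object file)
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x0000000000000015 (DEBUG)              0x0'

# Neither PIE nor BIND_NOW.
SAMPLE_PLAIN='  Type:                              EXEC (Executable file)
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x0000000000000015 (DEBUG)              0x0'
```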
