Hi!

On Thu, 2018-09-20 at 17:19:02 -0700, Russ Allbery wrote:
> Jeremy Bicha <jbi...@debian.org> writes:
> > On Thu, Sep 20, 2018 at 6:18 PM Russ Allbery <r...@debian.org> wrote:
> >> Maybe exclude shared libraries linked with glib (and whatever the Qt
> >> equivalent is)?
> >
> > One package that triggers this tag a lot is samba and it doesn't use
> > glib or qt.
> >
> > https://lintian.debian.org/maintainer/pkg-samba-ma...@lists.alioth.debian.org.html#samba
>
> I wonder if we would get all of the utility out of the tag if instead it
> looked for shared libraries with no NEEDED metadata. I think it's only
> catching libraries that aren't linked with anything else, so maybe just
> check for that explicitly?

Yeah probably better than the status-quo. Any kind of plugin would need
to be excluded though, because it might simply be using symbols from
the loading binary (via -rdynamic).

It would still emit false-positives for any library that implements
language run-times or does syscall wrapping. This might include any new
language implementing their own lib<lang>.so and not basing that on
libc.so, or even things like libaio.so, which for a while did not need
to be linked against libc! (Although for probably bad reasons, because
reimplementing syscall(2) is not very sane, or even using _syscall(2)
which might have not pulled the dep. :)

So, I'd say the trade-off is worth it, as there's definitely going to
be way less false-positives on language run-time libraries, than the
current false-positives.

Thanks,
Guillem
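
The check proposed in the quoted text, with the plugin exclusion from the reply, as an added example (not lintian's code and not from this thread): it counts DT_NEEDED entries in the PT_DYNAMIC segment of a little-endian ELF64 image. The names `needed_count`, `verdict`, `make_sample` and the `is_plugin` flag are hypothetical, and the sample images are constructed.

```python
import struct

PT_DYNAMIC, DT_NULL, DT_NEEDED = 2, 0, 1

def needed_count(elf: bytes) -> int:
    """Count DT_NEEDED entries; return -1 when there is no PT_DYNAMIC segment."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("this sketch handles little-endian ELF64 only")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        p_type, _flags, p_offset, _vaddr, _paddr, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type != PT_DYNAMIC:
            continue
        count = 0
        # Each Elf64_Dyn entry is 16 bytes: signed d_tag, then d_val/d_ptr.
        for off in range(p_offset, p_offset + p_filesz, 16):
            tag, _val = struct.unpack_from("<qQ", elf, off)
            if tag == DT_NULL:
                break
            count += (tag == DT_NEEDED)
        return count
    return -1

def verdict(elf: bytes, is_plugin: bool = False) -> str:
    """'skip' for plugins, 'flag' for a shared object with no NEEDED, else 'ok'."""
    if is_plugin:
        # Assumption: the caller decides what counts as a plugin. A plugin may
        # resolve its symbols from the loading binary (-rdynamic).
        return "skip"
    # Language run-times and syscall wrappers with no NEEDED are still flagged;
    # that is the accepted false-positive class.
    return "flag" if needed_count(elf) == 0 else "ok"

def make_sample(dyn_tags) -> bytes:
    """Constructed minimal image: ELF64 header, one PT_DYNAMIC phdr, dynamic entries."""
    dyn = b"".join(struct.pack("<qQ", t, 0) for t in list(dyn_tags) + [DT_NULL])
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120,
                       len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn

if __name__ == "__main__":
    DT_SONAME = 14
    for name, tags in [("linked", [DT_NEEDED, DT_SONAME]), ("bare", [DT_SONAME])]:
        print(name, verdict(make_sample(tags)))
```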