Bug#871957: [lintian] orig-tarball-missing-upstream-signature should exclude repacks

[Chris Lamb]

tags 871957 + pending
thanks

Thanks for the report. This was fixed a little while ago in Git:

  
https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=8914bb025f975e4a5584a3a0203cf808f3d0a430


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Processed: Re: [lintian] orig-tarball-missing-upstream-signature should exclude repacks

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 871957 + pending
Bug #871957 [lintian] [lintian] orig-tarball-missing-upstream-signature should 
exclude repacks
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
871957: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871957
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Re: Upstream Tarball Signature Files

[Paul Hardy]

Russ,

On Sat, Aug 12, 2017 at 7:59 PM, Russ Allbery  wrote:

> Paul Hardy  writes:
>
> > Osamu: I did not mean just accept one format--I meant accept both ".asc"
> > and ".sig" files for ".changes", ".dsc", and uscan files.  I suppose all
> > three manuals you mentioned could be modified to document this.
>
> > I had not brought this up until the latest lintian check on a test build
> > returned an error, but then Sean noted that the lintian error report is a
> > bug.
>
> > If there are no strong objections to this change, I will file a wishlist
> > bug as an "issue" for debian-policy about this.  I will be away next
> > weekend so I will try to put together something before then.
>
> Hi Paul,
>
> This isn't a debian-policy matter.  Support for ".sig" files in *.changes
> and *.dsc would be a bug against dpkg and possibly also in DAK for the
> archive to handle them, and in watch files would be a bug against
> devscripts.
>
> However, I don't think it's a good idea to support multiple file names for
> the same thing.  Instead, package building tools should probably just
> rename *.sig files to *.asc if upstream uses *.sig, the same way thhat
> they rename upstream source tarballs to follow our naming convention
> (which upstream almost never uses).  The bug may be best filed against
> devscripts for uscan --download to rename the signature on download.
>

If it is permissible to rename a ".sig" file as ".asc", I think that is the
best solution because it copies the original signature file unmodified.  I
tried it previously and it worked, but it seemed to me like masquerading
(because a binary file obviously is not an ASCII-armored file) and not
right.

The first part of my request was going to suggest adding ".asc" files in
examples.  The Policy Manual gives sample lists of files that appear in the
Files and Checksums sections (5.6.21 and 5.6.24) of ".dsc" and ".changes"
files using "example_1.2.orig.tar.gz" and "example_1.0.orig.tar.gz".  Do
you think it is appropriate to mention that those sections may contain
signature files of the form "example_1.[02].orig.tar.gz.asc", showing that
file name with the other files?  There seems to be no mention of such a
file in the Policy Manual.  Sections 5.6.21 and 5.6.24 are where I thought
of requesting changes.

It's almost never a good idea to introduce synonyms into any sort of
> standard.  It adds a lot of complexity that has to be maintained forever,
> to very little benefit.


Yes.  My thinking was to maintain the integrity of an upstream signature
when applicable.  Changing the extension of a binary ".sig" file to ".asc"
will do that.

Thank you,


Paul Hardy

Re: Upstream Tarball Signature Files

[Russ Allbery]

Paul Hardy  writes:

> Osamu: I did not mean just accept one format--I meant accept both ".asc"
> and ".sig" files for ".changes", ".dsc", and uscan files.  I suppose all
> three manuals you mentioned could be modified to document this.

> I had not brought this up until the latest lintian check on a test build
> returned an error, but then Sean noted that the lintian error report is a
> bug.

> If there are no strong objections to this change, I will file a wishlist
> bug as an "issue" for debian-policy about this.  I will be away next
> weekend so I will try to put together something before then.

Hi Paul,

This isn't a debian-policy matter.  Support for ".sig" files in *.changes
and *.dsc would be a bug against dpkg and possibly also in DAK for the
archive to handle them, and in watch files would be a bug against
devscripts.

However, I don't think it's a good idea to support multiple file names for
the same thing.  Instead, package building tools should probably just
rename *.sig files to *.asc if upstream uses *.sig, the same way thhat
they rename upstream source tarballs to follow our naming convention
(which upstream almost never uses).  The bug may be best filed against
devscripts for uscan --download to rename the signature on download.

It's almost never a good idea to introduce synonyms into any sort of
standard.  It adds a lot of complexity that has to be maintained forever,
to very little benefit.

-- 
Russ Allbery (r...@debian.org)   

Processed: retitle 871957 to [lintian] orig-tarball-missing-upstream-signature should exclude repacks

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 871957 [lintian] orig-tarball-missing-upstream-signature should 
> exclude repacks
Bug #871957 [lintian] [uscan] orig-tarball-missing-upstream-signature should 
exclude repacks
Changed Bug title to '[lintian] orig-tarball-missing-upstream-signature should 
exclude repacks' from '[uscan] orig-tarball-missing-upstream-signature should 
exclude repacks'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
871957: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871957
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#871957: [uscan] orig-tarball-missing-upstream-signature should exclude repacks

[Alexandre Viau]

Package: lintian
Version: 2.5.52
Severity: normal

Upstream does not sign my repacks :o).

Please don't trigger orig-tarball-missing-upstream-signature if the
version contains +ds, +debian, or +dfsg.

Cheers,

-- 
Alexandre Viau
av...@debian.org



signature.asc
Description: OpenPGP digital signature

Bug#871956: lintian: false positive: binary-file-built-without-LFS-support on x32

[Adam Borowski]

Package: lintian
Version: 2.5.52
Severity: normal

Hi!
For all 32-bit architectures lintian complains if functions using off_t
instead of off64_t are used.  On legacy architectures, this is indeed a good
check, as for old ABI compatibility reasons sizeof(off_t) is only 4.

However, new 32-bit architectures such as x32 have sizeof(off_t)==8, and
functions like lseek() and lseek64() are the same.

These include at least x32 and arm64ilp32.
Thus, could you please drop these architectures from has_lfs checks?

Reported by Thorsten Glaser, initially found in package cvs.  Most packages
don't trigger this warning as "#define _FILE_OFFSET_BITS 64" pointlessly but
harmlessly aliases off_t to off64_t.


Meow!
-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: x32 (x86_64)

Kernel: Linux 4.13.0-rc4-debug-00052-gbdd287aecdf1 (SMP w/6 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages lintian depends on:
ii  binutils  2.29-4
ii  bzip2 1.0.6-8.1
ii  diffstat  1.61-1
ii  dpkg  1.18.24
ii  file  1:5.31-1
ii  gettext   0.19.8.1-2+b3
ii  intltool-debian   0.35.0+20060710.4
ii  libapt-pkg-perl   0.1.32+b2
ii  libarchive-zip-perl   1.59-1
ii  libclass-accessor-perl0.34-1
ii  libclone-perl 0.38-2+b2
ii  libdpkg-perl  1.18.24
ii  libemail-valid-perl   1.202-1
ii  libfile-basedir-perl  0.07-1
ii  libipc-run-perl   0.96-1
ii  liblist-moreutils-perl0.416-1+b3
ii  libparse-debianchangelog-perl 1.2.0-12
ii  libperl5.26 [libdigest-sha-perl]  5.26.0-5
ii  libtext-levenshtein-perl  0.13-1
ii  libtimedate-perl  2.3000-2
ii  liburi-perl   1.72-1
ii  libxml-simple-perl2.24-1
ii  libyaml-libyaml-perl  0.63-2+b2
ii  man-db2.7.6.1-2
ii  patchutils0.3.4-2
ii  perl  5.26.0-5
ii  t1utils   1.40-2
ii  xz-utils  5.2.2-1.3

Versions of packages lintian recommends:
pn  libperlio-gzip-perl  

Versions of packages lintian suggests:
pn  binutils-multiarch 
ii  dpkg-dev   1.18.24
ii  libhtml-parser-perl3.72-3+b2
pn  libtext-template-perl  

-- no debconf information

Re: Upstream Tarball Signature Files

[Paul Hardy]

On Tue, Aug 8, 2017 at 5:13 AM, Osamu Aoki  wrote:

> Hi,
>
> On Tue, Aug 08, 2017 at 10:48:08AM +0200, Guillem Jover wrote:
> ...
> > On Mon, 2017-08-07 at 20:26:41 -0700, Paul Hardy wrote:
> > > Also, where signature files are desired, I think it would be
> beneficial to
> > > also accept binary ".sig" files as an alternative to ".asc" files, for
> > > example as produced with "gpg -b".
> >
> > There is no need for that, you can convert from ASCII armored to
> > binary signatures and the other way around easily.
>

Guillem: I will use the workaround that you posted for now.  My thinking
was to preserve the timestamp of the original signature file, and what you
posted does accomplish that.  I think using a sed script is not as clean as
also someday allowing a ".sig" file in ".changes" and ".dsc" files though.
Do you think it will be hard to add that ability to dpkg?  It looks like
the V1 and V2 Perl modules could add a ".orig.tar.*.sig" to the list of
acceptable $tarsign string assignments.  It seems that the $tarsign
signature file must be getting returned by the get_files calls, for example
in dpkg-genchanges.pl, but I did not see how with a quick look at the dpkg
code.

True.  But why you want to limit to one format between .sig and .asc?
>

Osamu: I did not mean just accept one format--I meant accept both ".asc"
and ".sig" files for ".changes", ".dsc", and uscan files.  I suppose all
three manuals you mentioned could be modified to document this.

I had not brought this up until the latest lintian check on a test build
returned an error, but then Sean noted that the lintian error report is a
bug.

If there are no strong objections to this change, I will file a wishlist
bug as an "issue" for debian-policy about this.  I will be away next
weekend so I will try to put together something before then.

Thanks,


Paul Hardy

Bug#871791: lintian: spelling-error-in-{binary, manpage} "CAs Case" annoying for cryptographic software

[Chris Lamb]

tags 871791 + pending
thanks

Fixed in Git:

  
https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=10d51c29cbd8c065b3f1544fc5214570c96ef395


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Processed: Re: lintian: spelling-error-in-{binary, manpage} "CAs Case" annoying for cryptographic software

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 871791 + pending
Bug #871791 [lintian] lintian: spelling-error-in-{binary,manpage} "CAs Case" 
annoying for cryptographic software
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
871791: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871791
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

[lintian] 01/01: Avoid false positives in spelling-error-in-{binary, manpage} for "CAs" which was annoying for cryptographic software. (Closes: #871791)

[Chris Lamb]

This is an automated email from the git hooks/post-receive script.

lamby pushed a commit to branch master
in repository lintian.

commit 10d51c29cbd8c065b3f1544fc5214570c96ef395
Author: Chris Lamb 
Date:   Sat Aug 12 13:39:14 2017 -0400

Avoid false positives in spelling-error-in-{binary,manpage} for "CAs" which 
was annoying for cryptographic software. (Closes: #871791)
---
 data/spelling/corrections  | 1 -
 data/spelling/corrections-case | 1 +
 debian/changelog   | 2 ++
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/spelling/corrections b/data/spelling/corrections
index 4937d04..a67ecba 100644
--- a/data/spelling/corrections
+++ b/data/spelling/corrections
@@ -603,7 +603,6 @@ captial||capital
 carefull||careful
 carefuly||carefully
 cariage||carriage
-cas||case
 casue||cause
 casued||caused
 casues||causes
diff --git a/data/spelling/corrections-case b/data/spelling/corrections-case
index 193f059..a391e64 100644
--- a/data/spelling/corrections-case
+++ b/data/spelling/corrections-case
@@ -14,6 +14,7 @@ api||API
 Api||API
 arabic||Arabic
 british||British
+cas||CAs
 chinese||Chinese
 cyrillic||Cyrillic
 czech||Czech
diff --git a/debian/changelog b/debian/changelog
index 69381fd..5d59620 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -237,6 +237,8 @@ lintian (2.5.52) unstable; urgency=medium
   profiles, adding «nolua» and «noruby».
   * data/spelling/corrections:
 + [AB] Remove "iff". It's a valid English word. (Closes: #865055)
++ [CL] Avoid false positives in spelling-error-in-{binary,manpage} for
+  "CAs" which was annoying for cryptographic software.  (Closes: #871791)
 
   * debian/control:
 + [NT] Add (Build-)Depends on libxml-simple-perl for the new

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (213f030 -> 10d51c2)

[Chris Lamb]

This is an automated email from the git hooks/post-receive script.

lamby pushed a change to branch master
in repository lintian.

  from  213f030   Avoid false positive for link to license
   new  10d51c2   Avoid false positives in 
spelling-error-in-{binary,manpage} for "CAs" which was annoying for 
cryptographic software. (Closes: #871791)

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 data/spelling/corrections  | 1 -
 data/spelling/corrections-case | 1 +
 debian/changelog   | 2 ++
 3 files changed, 3 insertions(+), 1 deletion(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git