Steve Langasek wrote: > On Tue, Oct 27, 2009 at 03:06:07PM +0100, Joerg Jaspert wrote: >> The second category is named "error" and the tags listed can not be >> overridden. Those are tags corresponding to packaging errors serious >> enough to mark a package unfit for the archive and should never happen. >> In fact, most of the tags listed do not appear in our archive >> currently, the few packages listed below should be easily fixable with >> their next upload. > >> We will provide a static url for the list of tags soon, for now you can >> look at them using [1]. > >> There are multiple files in [2] showing you the packages affected, >> together with the tags they hit. > >> [1] http://ftp-master.debian.org/~joerg/lintian/lintian.tags >> [2] http://ftp-master.debian.org/~joerg/lintian/ > > Since I'm not familiar with most of these lintian errors by name, I've run > the list of fatal errors through lintian-info with the following script: > > $ wget -O - -q http://ftp-master.debian.org/~joerg/lintian/lintian.tags \ > | sed -e'1,/error:$/d; s/^[[:space:]]\+-/E: ftp-master:/' | lintian-info > > I'd recommend that others do likewise, to get an appropriately large set of > eyeballs on this change. > > Some problems I find with this list: > > E: ftp-master: wrong-file-owner-uid-or-gid > N: > N: The user or group ID of the owner of the file is invalid. The owner > N: user and group IDs must be in the set of globally allocated IDs, > N: because other IDs are dynamically allocated and might be used for > N: varying purposes on different systems, or are reserved. The set of the > N: allowed, globally allocated IDs consists of the ranges 0-99, > N: 64000-64999 and 65534.
Hmm, why is 100-999 not mentioned here or does this lintian check only check files shipped by the package as opposed to created in the postinst? > N: Refer to Debian Policy Manual section 9.2 (Users and groups) for > N: details. > N: > N: Severity: serious, Certainty: certain > N: > > Policy 9.2 does /not/ prohibit shipping files with owners outside these > ranges; it prohibits relying on user or group IDs outside these ranges being > static, but there doesn't appear to be anything in Policy that prohibits > creating the user in the package preinst and then unpacking the package such > that ownership is applied by /name/. (Unless I'm mistaken, this is > precisely what dpkg does.) If the check is only about files shipped by the package, I see no reason how this objection can be anything more than theoretical. If it's also about files created in the postinst: Steve: Can you give an example of a dynamically allocated non system user needed by a package? Dynamically allocated system users are covered in the range 100-999. > E: ftp-master: copyright-lists-upstream-authors-with-dh_make-boilerplate > This one has been mentioned previously in the thread. Yes, it's a blemish > in the package to list "Upstream Author(s)", but the lintian maintainers > have correctly marked this as being of "normal" severity. We should not be > blocking packages from the archive for such low-severity issues; please drop > this check. It would indeed be good to have consensus first on the severity and certainty of a lintian check before auto rejecting on it IMHO. Cheers Luk -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
