On 12/05/14 11:47, Gianfranco Costamagna wrote: > Hi debian developers, > > cppcheck [1] has been removed from testing [2] because of a sourceless > javascript file [3].
Hi, Gianfranco. Not a DD here, but: There are mixed opinions about cases like this. cppcheck doesn't need jQuery to work (or to do anything at all, even): it's just that a copy of the documentation website is included in the upstream package, and thus, the Debian source package, but nothing from this is actually included in the binary, not even used for compilation. So, just to get back in sync: currently, Debian's cppcheck is (was) upstream's 1.61. There was a 1.64 version available [*] but there was a problem with tinyxml2 versioning (and therefore, packaging). I commented on tinyxml2 issue #31 [1] regarding this and upstream accepted to tag future releases. This helped tinyxml2 packaging [2] to make it easier for cppcheck to Depend: libtinyxml2-2 and 2.0.2-1 is now on testing [3]. I got asked privately to test 1.64 directly, but I've been out of town for almost a month now and unable to contribute. Just today I returned, so I should have some spare time during this week to try a package for 1.64 with Depend: libtinyxml2-2 and most probably without the jQuery file altogether, given that jQuery cases and correct inclusion discussion have still not completely settled down. [*] 2 days ago 1.65 was released [4], so I may try 1.65 instead. [1] https://github.com/leethomason/tinyxml2/issues/31 [2] http://packages.qa.debian.org/t/tinyxml2.html [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734617 [4] https://github.com/danmar/cppcheck/releases > Because of this I packaged (with patch and thanks from Octavio) a new dfsg > version and uploaded on mentors [4] some time ago. > (I'm uploading it again right now since I forgot to put the bug reference > into the changelog) Personally, I'd rather see 1.61+dfsg uploaded before attempting to package 1.65, but has its own set of implications. For example, the patch uses the Files-Excluded: facility on debian/watch, and this includes repackaging the same version of upstream, which I'm not exactly sure how this would work. So, if 1.65 works now, we should kill two big birds with one shot and hopefully we will all be happy. > I personally consider cppcheck a great package, that helped so far me in > spotting many possible vulnerabilities in packages I comaintain, helping me > in providing more secure packages in debian repositories (as well as sending > security fixes upstream). I use it on a regular basis, and most of my build scripts use it, so I'm interested it having it included. However, not being a DD, I still need sponsorship. My two cents. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53712dc7.2020...@alvarezp.ods.org
