On Tue, 2022-09-06 at 17:28 -0400, Daniel Kahn Gillmor wrote:
> However, this raises a general question of how package maintainers
> should track lintian when doing their development work targeting
> unstable. Should we run the version from bullseye locally, so that we
> only get the advantages of new lintian scans every upgrade cycle?
> Should we run both versions of lintian somehow? Should we do like I've
> done with 2.2.39 and describe both versions of tags that were recently
> rewritten?

I think it would be good to move the lintian checks off ftp-master
altogether and to an external service. It does too much work that
could be better done in a context with fewer security implications.

We were previously stuck with an old lintian version for some time and
have (mostly) run lintian from backports for a while, but I think that
is not a good solution.

ftp-master also only runs checks against maintainer uploads so most
binary packages aren't looked at by lintian at all... An external
service could do better here as well.

Ansgar