On Fri, Jun 28, 2024 at 12:36 PM Phil Wyett <philip.wy...@kathenas.org> wrote: > > Hi Bo, > > Preamble... > > Thanks for taking time to create this package and your contribution to Debian. > > The below review is for assistance. It is offered to help submitters of > packages to Debian mentors improve their packages prior to possible > sponsorship into Debian. There is no obligation on behalf of the subitter to > make any alterations based upon information provided in the review. > > Review... > > 1. Build: Good > > 2. Lintian: Warnings / Information > > I: sitecopy source: quilt-patch-missing-description > [debian/patches/32_neon-0.31.patch] > > A description for the patch would probably be beneficial. > > I: sitecopy: hardening-no-bindnow [usr/bin/sitecopy] > N: > N: This package provides an ELF binary that lacks the "bindnow" linker flag. > N: > N: This is needed (together with "relro") to make the "Global Offset Table" > N: (GOT) fully read-only. The bindnow feature trades startup time for > N: improved security. Please consider enabling this feature or consider > N: overriding the tag (possibly with a comment about why). > N: > N: If you use dpkg-buildflags, you may have to add hardening=+bindnow or > N: hardening=+all to DEB_BUILD_MAINT_OPTIONS. > N: > N: The relevant compiler flags are set in LDFLAGS. > N: > N: Please refer to https://wiki.debian.org/Hardening for details. > N: > N: Visibility: info > N: Show-Always: no > N: Check: binaries/hardening > > I would be quite tempted to fix this with the addition of the below line near > the top of > 'debian/rules' even though it is a QA upload. I would ask others opinion > though as they may feel it > is not within the scope of a QA upload. > > export DEB_BUILD_MAINT_OPTIONS = hardening=+all >
This report can be resolved using the links below. Hope this helps. https://wiki.debian.org/Hardening https://wiki.debian.org/HardeningWalkthrough Quality control is good to always resolve any package issues when possible. -- Cheers, Leandro Cunha
