Hi Paulo,
On Sat, Sep 03, 2016 at 11:54:04PM -0300, Paulo wrote:
> I working in this package, it's almost done, there are some issues to solve.
>
> I uploaded to mentors a version 0.70-1
It would be nice if you could base your updated package on Petter
Reinholdtsen's version 0.50 since that has been uploaded to the
archive (and pulled into collab-maint).
I've reviewed your current package on mentors; here are my comments...
The package descriptions could be improved: something like
Description: PE (Portable Executable) analysis toolkit
pev is a toolkit to work with PE (Portable Executable) binaries
commonly used on Windows operating systems.
.
Its main goal is to provide feature-rich tools enabling proper
analysis of binaries, especially suspicious ones. It's typically used
to analyse malware and viruses.
for pev,
Description: PE (Portable Executable) analysis library
libpe provides functions to extract information from
PE32/PE32+-format binaries (32- and 64-bit Windows executables), such
as headers, sections, resources... This format is used by .EXE
programs, .DLL dynamic-link libraries, .OCX component libraries and
many others.
for libpe1 (dropping "libpe1" so you don't need to update the
description for a soname change), and likewise for libpe-dev (with the
extra paragraph you already have).
In debian/rules, you should use
export DEB_BUILD_MAINT_OPTIONS=hardening=+all
instead of manually specifying the CFLAGS and LDFLAGS for hardening;
that way, dpkg will use the appropriate flags for each platform.
In debian/copyright, license information for lib/libfuzzy and
lib/libudis86 is missing; also, the pev code still has GPL-3+ headers
(despite the authors' intentions as evidenced by the change in the
LICENSE file). In any case, the licensing situation means that 0.70
can't be uploaded to Debian; pev needs an OpenSSL licensing exception
which will be included in the next version (see
https://github.com/merces/pev/issues/98 for details).
Thanks for the work you've put into the packaging, you obviously care
about getting it right! I'll happily sponsor the package once it's in
an uploadable state (which really depends on upstream now).
Regards,
Stephen
