RHash 1.3.5 package

Aleksey Kravchenko rhash.admin at gmail.com
Tue Feb 13 23:05:49 UTC 2018


Hello Lukas,

thank you for the detailed review, especially for noticing that CPPFLAGS
must be used.

I applied your patch and the changes you proposed.
The "formatting" typo is fixed upstream [1] and will appear in the next
version.

I've put the updated package on mentors [2] to seek a brave uploader.

[1] https://github.com/rhash/RHash/commit/9069daee36a70726753976499c77ee543cda1871
[2] https://mentors.debian.net/package/rhash

  Thanks,
  Aleksey.

On Tue, Feb 13, 2018 at 1:24 AM, Lukas Schwaighofer <lukas at schwaighofer.name> wrote:

> Hi Aleksey,
>
> thanks for working on the Debian package of your software! :)
>
> On Mon, 12 Feb 2018 14:21:33 +0300
> Aleksey Kravchenko <rhash.admin at gmail.com> wrote:
>
> > I've recently finished packaging new RHash version [1] for the Debian
> > Security Tools Packaging Team, and now I need a sponsor to review and
> > upload it.
> >
> > Could you please help me with this?
> >
> > [1] https://mentors.debian.net/package/rhash
>
> I cannot sponsor your package, since I'm not a Debian Developer.  But
> I'll try to help with the reviewing part :) .
>
>
> All your changes look very reasonable.  Things I noticed:
>
> * Since you are migrating from a manual -dbg package to an automatic
>   dbgsym package, I believe you need to use the "--debug-migration"
>   option from dh_strip.  See dh_strip(1) for more information.
>
> * The "Change Maintainer field" changelog entry could be more
>   informative. How about mentioning that it's now under pkg-security's
>   umbrella?
>
> * Debhelper compatibility level 11 is stable now, so why not upgrade to
>   that? :)
>
> * debian/rules suggestions
>   - From my pkg-security experience, we usually use "hardening=+all"
>     for the DEB_BUILD_MAINT_OPTIONS.  This is currently equivalent to
>     what you are using ("hardening=+bindnow"), but it's conceivable
>     that new hardening features will be added in the future and then
>     we'll automatically enable them in a rebuild.
>   - Since upstream's build system does not support CPPFLAGS, Debian's
>     CPPFLAGS are not applied; it makes sense to pass those as CFLAGS to
>     make (together with the actual CFLAGS).
>   - The file is quite hard to read, so I'd suggest a bit of
>     housekeeping:
>     . The `-g` flag is already in CFLAGS and does not need to be added a
>       second time if DEB_BUILD_OPTIONS contains "debug".
>     . Newer debhelper versions already support parallelism, no need for
>       manual quirks
>     . No need to set the unchanged "LDFLAGS" variable (instead set the
>       LIBLDFLAGS explicitly with `dpkg-buildflags`)
>     . The value LIB_LD is set to looks plain wrong: nothing is
>       installed to debian/tmp and the LD_LIBRARY_PATH variable is not
>       set.  Dropping it completely does not seem to affect the tests.
>   I've attached a patch for the debian/rules containing all these
>   suggestions (but not my first point about dh_strip).  Feel free
>   to disregard any of it if you disagree.
>
> * Nit: The word "formatting" is misspelled in several places, maybe you
>   can correct that upstream :) .
>
>
> I hope that helps.  If anything is unclear don't hesitate to ask. I see
> you had asked for sponsorship ~6 weeks ago.  If no one responds I'd
> recommend you just re-ping after some time.  I believe the people here
> don't ignore these requests intentionally and won't mind the reminder.
>
> Regards
> Lukas
>
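
The debian/rules suggestions from the quoted review, sketched as an added example; this is not the patch attached to the original mail and not the package's actual rules file. It assumes upstream's Makefile accepts CFLAGS and LIBLDFLAGS on the make command line (LIBLDFLAGS is the name used in the mail) and that the package builds with dh.

```makefile
#!/usr/bin/make -f
# Added example, not the RHash package's real debian/rules.

# Weaker form discussed in the review: only the one named feature is added.
#   export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
# Suggested form: request every hardening feature dpkg-buildflags offers,
# so features introduced later are enabled by a plain rebuild.
export DEB_BUILD_MAINT_OPTIONS = hardening=+all

# Defines CFLAGS, CPPFLAGS and LDFLAGS as make variables by querying
# dpkg-buildflags, honouring DEB_BUILD_MAINT_OPTIONS set above.
include /usr/share/dpkg/buildflags.mk

%:
	dh $@

# Upstream's build system ignores CPPFLAGS, so the preprocessor flags
# (where the fortify define lives) are passed inside CFLAGS. The -g flag is
# already part of the default CFLAGS and is not appended again.
# LIBLDFLAGS is assumed to be the variable upstream uses when linking the
# shared library; LDFLAGS itself is left untouched.
override_dh_auto_build:
	dh_auto_build -- CFLAGS="$(CPPFLAGS) $(CFLAGS)" LIBLDFLAGS="$(LDFLAGS)"
```

Parallel builds need no manual handling here, since dh enables them by default from debhelper compatibility level 10 onwards.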