diff options
Diffstat (limited to 'tags/e')
58 files changed, 628 insertions, 0 deletions
diff --git a/tags/e/elevated-privileges.tag b/tags/e/elevated-privileges.tag new file mode 100644 index 0000000..f38357e --- /dev/null +++ b/tags/e/elevated-privileges.tag @@ -0,0 +1,16 @@ +Tag: elevated-privileges +Severity: warning +Check: files/permissions +Renamed-From: + setuid-binary + setgid-binary + setuid-gid-binary +Explanation: This executable does not run with the identity of the user + who executes it. It runs instead with its owner ID in the file system + or with its group ID, or both. + . + This security-relevant setting is intentional for programs that + regularly acquire elevated privileges, such as <code>/bin/su</code>, + but can be a significant risk when it the setting is not intended. + . + Please override if needed. diff --git a/tags/e/elf-error.tag b/tags/e/elf-error.tag new file mode 100644 index 0000000..040aaeb --- /dev/null +++ b/tags/e/elf-error.tag @@ -0,0 +1,14 @@ +Tag: elf-error +Severity: warning +Check: binaries/corrupted +Renamed-From: + apparently-corrupted-elf-binary +Explanation: The file appears to be in ELF format but readelf produced the indicated + error when parsing it. + . + In case of a false positive, you may need to install <code>binutils-multiarch</code> + so that ELF files from other architectures are handled correctly. It is also possible + that the file is not actually in ELF format but was misidentified as such. +See-Also: + https://refspecs.linuxfoundation.org/elf/elf.pdf, + readelf(1) diff --git a/tags/e/elf-maintainer-script.tag b/tags/e/elf-maintainer-script.tag new file mode 100644 index 0000000..0b78b7e --- /dev/null +++ b/tags/e/elf-maintainer-script.tag @@ -0,0 +1,4 @@ +Tag: elf-maintainer-script +Severity: classification +Check: scripts +Explanation: The maintainer script is an ELF binary. diff --git a/tags/e/elf-warning.tag b/tags/e/elf-warning.tag new file mode 100644 index 0000000..c7eb964 --- /dev/null +++ b/tags/e/elf-warning.tag @@ -0,0 +1,13 @@ +Tag: elf-warning +Severity: pedantic +Experimental: yes +Check: binaries/corrupted +Explanation: The file appears to be in ELF format but readelf produced the indicated + warning when parsing it. + . + In case of a false positive, you may need to install <code>binutils-multiarch</code> + so that ELF files from other architectures are handled correctly. It is also possible + that the file is not actually in ELF format but was misidentified as such. +See-Also: + https://refspecs.linuxfoundation.org/elf/elf.pdf, + readelf(1) diff --git a/tags/e/emacsen-common-without-dh-elpa.tag b/tags/e/emacsen-common-without-dh-elpa.tag new file mode 100644 index 0000000..ad0a598 --- /dev/null +++ b/tags/e/emacsen-common-without-dh-elpa.tag @@ -0,0 +1,15 @@ +Tag: emacsen-common-without-dh-elpa +Severity: warning +Check: emacs/elpa +Explanation: The package uses the emacsen-common infrastructure but the + package was not built with dh-elpa. Please consider transitioning + the package build to use dh-elpa, unless the package is required to + work with XEmacs. + . + dh-elpa centralises the emacsen-common maintscripts, which makes for + fewer bugs, and significantly easier cross-archive updates to emacsen + packages. + . + In addition, a package built with dh-elpa integrates with the GNU + Emacs package manager, for a better user experience. +See-Also: dh_elpa(1), dh-make-elpa(1), https://wiki.debian.org/Teams/DebianEmacsenTeam/elpa-hello diff --git a/tags/e/embedded-feedparser-library.tag b/tags/e/embedded-feedparser-library.tag new file mode 100644 index 0000000..9a15f02 --- /dev/null +++ b/tags/e/embedded-feedparser-library.tag @@ -0,0 +1,7 @@ +Tag: embedded-feedparser-library +Severity: warning +Check: languages/python/feedparser +Explanation: This package contains an embedded copy of Mark Pilgrim's Universal + Feed Parser. Please depend on the "python-feedparser" package and use + the normal Python import mechanism to load it. +See-Also: debian-policy 4.13 diff --git a/tags/e/embedded-javascript-library.tag b/tags/e/embedded-javascript-library.tag new file mode 100644 index 0000000..4601c8a --- /dev/null +++ b/tags/e/embedded-javascript-library.tag @@ -0,0 +1,8 @@ +Tag: embedded-javascript-library +Severity: warning +Check: languages/javascript/embedded +Explanation: This package contains an embedded copy of JavaScript libraries + that are now available in their own packages (for example, JQuery, + Prototype, Mochikit or "Cropper"). Please depend on the appropriate + package and symlink the library into the appropriate location. +See-Also: debian-policy 4.13 diff --git a/tags/e/embedded-library.tag b/tags/e/embedded-library.tag new file mode 100644 index 0000000..378ad8d --- /dev/null +++ b/tags/e/embedded-library.tag @@ -0,0 +1,12 @@ +Tag: embedded-library +Severity: error +Check: libraries/embedded +Explanation: The given ELF object appears to have been statically linked to + a library. Doing this is strongly discouraged due to the extra work + needed by the security team to fix all the extra embedded copies or + trigger the package rebuilds, as appropriate. + . + If the package uses a modified version of the given library it is highly + recommended to coordinate with the library's maintainer to include the + changes on the system version of the library. +See-Also: debian-policy 4.13 diff --git a/tags/e/embedded-pear-module.tag b/tags/e/embedded-pear-module.tag new file mode 100644 index 0000000..990a839 --- /dev/null +++ b/tags/e/embedded-pear-module.tag @@ -0,0 +1,8 @@ +Tag: embedded-pear-module +Severity: warning +Check: languages/php/pear/embedded +Experimental: yes +Explanation: This package appears to contain an embedded copy of a PEAR module. + Please depend on the respective PEAR package providing the module and + make sure the library can be found by the scripts via the include_path. +See-Also: debian-policy 4.13 diff --git a/tags/e/embedded-php-library.tag b/tags/e/embedded-php-library.tag new file mode 100644 index 0000000..d1bb917 --- /dev/null +++ b/tags/e/embedded-php-library.tag @@ -0,0 +1,7 @@ +Tag: embedded-php-library +Severity: warning +Check: languages/php/embedded +Explanation: This package appears to contain an embedded copy of a PHP library. + Please depend on the respective package providing the library and + make sure it can be found by the scripts via the include_path. +See-Also: debian-policy 4.13 diff --git a/tags/e/embedded-script-includes-copyright-statement.tag b/tags/e/embedded-script-includes-copyright-statement.tag new file mode 100644 index 0000000..fd24489 --- /dev/null +++ b/tags/e/embedded-script-includes-copyright-statement.tag @@ -0,0 +1,11 @@ +Tag: embedded-script-includes-copyright-statement +Severity: pedantic +Check: cruft +Explanation: The specified file includes an embedded script with a copyright + statement. + . + The script was likely copy-pasted and likely needs to be rebuilt from + the original source. + . + This script may be also outdated and may need to be updated from a + security point of view. diff --git a/tags/e/empty-binary-package.tag b/tags/e/empty-binary-package.tag new file mode 100644 index 0000000..c3ef358 --- /dev/null +++ b/tags/e/empty-binary-package.tag @@ -0,0 +1,17 @@ +Tag: empty-binary-package +Severity: warning +Check: files/empty-package +Explanation: This binary package appears to be empty, and its description does + not say that it's a metapackage or a transitional package. This is + often due to problems with updating debhelper *.install files during + package renames or similar problems where installation rules don't put + files in the correct place. + . + If the package is deliberately empty, please mention in the package long + description one of the phrases "metapackage", "dummy", "dependency + package", or "empty package". + . + Previously, Lintian also accepted the use of "virtual package". This + was removed to avoid overloading the term. If you have been relying on + the phrase "virtual package" to avoid this warning, please replace it + with one of the others. diff --git a/tags/e/empty-debian-tests-control.tag b/tags/e/empty-debian-tests-control.tag new file mode 100644 index 0000000..0deb12e --- /dev/null +++ b/tags/e/empty-debian-tests-control.tag @@ -0,0 +1,6 @@ +Tag: empty-debian-tests-control +Severity: error +Check: testsuite +Explanation: + The debian/tests/control is empty when any comments are removed. +See-Also: https://salsa.debian.org/ci-team/autopkgtest/tree/master/doc/README.package-tests.rst diff --git a/tags/e/empty-field.tag b/tags/e/empty-field.tag new file mode 100644 index 0000000..6c72752 --- /dev/null +++ b/tags/e/empty-field.tag @@ -0,0 +1,6 @@ +Tag: empty-field +Severity: warning +Check: fields/empty +Explanation: The named field in this package's control file is empty + or consists only of whitespace. +See-Also: debian-policy 2.4, Bug#879809 diff --git a/tags/e/empty-manual-page.tag b/tags/e/empty-manual-page.tag new file mode 100644 index 0000000..a38ef1e --- /dev/null +++ b/tags/e/empty-manual-page.tag @@ -0,0 +1,4 @@ +Tag: empty-manual-page +Severity: error +Check: documentation/manual +Explanation: The referenced manual page is empty. diff --git a/tags/e/empty-rust-library-declares-provides.tag b/tags/e/empty-rust-library-declares-provides.tag new file mode 100644 index 0000000..77ac2f6 --- /dev/null +++ b/tags/e/empty-rust-library-declares-provides.tag @@ -0,0 +1,24 @@ +Tag: empty-rust-library-declares-provides +Severity: error +Check: languages/rust +Explanation: For some time, Rust libraries used empty installation packages + with long Provides lines in their control files to deal with peculiarities + in Rust packaging. It is no longer considered acceptable because it strains + our archive infrastructure. + . + Rust packages should not be empty and merely declare a Provides control + field. Instead, please merge such packages into the main installation + package. When using <code>debcargo</code>, this can usually be achieved by + adding <code>collapse_features = true</code> to the + <code>debcargo.toml</code> file. + . + You can see some examples here: + . + - https://sources.debian.org/src/rust-dbus/0.9.0-2/debian/control/ + - https://sources.debian.org/src/rust-x11rb/0.7.0-1/debian/control/ + . + The decision to burden the Rust packaging team with that extra step was + made after weighing all possible alternatives. +See-Also: + Bug#942898, Bug#945542, + http://meetbot.debian.net/debian-rust/2020/debian-rust.2020-10-28-18.58.log.html#l-150 diff --git a/tags/e/empty-shared-library-symbols.tag b/tags/e/empty-shared-library-symbols.tag new file mode 100644 index 0000000..c93fb59 --- /dev/null +++ b/tags/e/empty-shared-library-symbols.tag @@ -0,0 +1,13 @@ +Tag: empty-shared-library-symbols +Severity: error +Check: debian/shlibs +Renamed-From: + pkg-has-symbols-control-file-but-no-shared-libs +Explanation: Although the package does not include any shared libraries, it does + have a symbols control file. If you did include a shared library, check that + the SONAME of the library is set and that it matches the contents of the + symbols file. + . + SONAMEs are set with something like <code>gcc -Wl,-soname,libfoo.so.0</code>, + where 0 is the major version of the library. If your package uses libtool, + then libtool invoked with the right options should be doing this. diff --git a/tags/e/empty-shlibs.tag b/tags/e/empty-shlibs.tag new file mode 100644 index 0000000..34390e7 --- /dev/null +++ b/tags/e/empty-shlibs.tag @@ -0,0 +1,17 @@ +Tag: empty-shlibs +Severity: error +Check: debian/shlibs +Renamed-From: + pkg-has-shlibs-control-file-but-no-actual-shared-libs +Explanation: Although the package does not include any shared libraries, it does + have a shlibs control file. If you did include a shared library, check that + the SONAME of the library is set and that it matches the contents of the + shlibs file. + . + SONAMEs are set with something like <code>gcc -Wl,-soname,libfoo.so.0</code>, + where 0 is the major version of the library. If your package uses libtool, + then libtool invoked with the right options should be doing this. + . + Note this is sometimes triggered for packages with a private shared + library due to a bug in Debhelper. +See-Also: Bug#204975, Bug#633853 diff --git a/tags/e/empty-short-license-in-dep5-copyright.tag b/tags/e/empty-short-license-in-dep5-copyright.tag new file mode 100644 index 0000000..f7646c2 --- /dev/null +++ b/tags/e/empty-short-license-in-dep5-copyright.tag @@ -0,0 +1,6 @@ +Tag: empty-short-license-in-dep5-copyright +Severity: warning +Check: debian/copyright/dep5 +See-Also: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Explanation: The short license field in the machine readable copyright file + is empty. diff --git a/tags/e/empty-translated-choices.tag b/tags/e/empty-translated-choices.tag new file mode 100644 index 0000000..ffb26e1 --- /dev/null +++ b/tags/e/empty-translated-choices.tag @@ -0,0 +1,6 @@ +Tag: empty-translated-choices +Severity: error +Check: debian/debconf +Explanation: When the translation of a Choices: field is empty, the whole question + is skipped (and nothing is selected). Please verify that the translation + you're using is valid. diff --git a/tags/e/empty-udeb-package.tag b/tags/e/empty-udeb-package.tag new file mode 100644 index 0000000..a9ee919 --- /dev/null +++ b/tags/e/empty-udeb-package.tag @@ -0,0 +1,13 @@ +Tag: empty-udeb-package +Severity: info +Check: files/empty-package +Experimental: yes +Explanation: This udeb package appears to be empty, and its description does + not say that it's a metapackage or a package. This is often due to + problems with updating debhelper *.install files during package + renames or similar problems where installation rules don't put files + in the correct place. + . + If the package is deliberately empty, you can avoid this tag by + using one of the following phrases "metapackage", "dummy", "dependency + package", or "empty package" in the long description of the udeb. diff --git a/tags/e/empty-upstream-sources.tag b/tags/e/empty-upstream-sources.tag new file mode 100644 index 0000000..86e1d36 --- /dev/null +++ b/tags/e/empty-upstream-sources.tag @@ -0,0 +1,5 @@ +Tag: empty-upstream-sources +Severity: error +Check: origtar +Explanation: The .orig.tar.gz file is empty. +See-Also: Bug#471537 diff --git a/tags/e/epoch-change-without-comment.tag b/tags/e/epoch-change-without-comment.tag new file mode 100644 index 0000000..b5ed4bb --- /dev/null +++ b/tags/e/epoch-change-without-comment.tag @@ -0,0 +1,26 @@ +Tag: epoch-change-without-comment +Severity: warning +Check: debian/changelog +Explanation: The previous version of this package had a different version epoch + (eg. 2:1.0-1) to the current version but there's no reference to this in + the changelog entry. + . + Epochs exist to cope with changes to the upstream version numbering + scheme. Whilst they are a powerful tool, increasing or adding an epoch + has many downsides including causing issues with versioned dependencies, + being misleading to users and being aesthetically unappealing. Whilst + they should be avoided, valid reasons to add or increment the epoch + include: + . + - Upstream changed their versioning scheme in a way that makes the + latest version lower than the previous one. + - You need to permanently revert to a lower upstream version. + . + Temporary revertions (eg. after an NMU) should use not modify or + introduce an epoch - please use the <code>CURRENT+reallyFORMER</code> until + you can upload the latest version again. + . + If you are unsure whether you need to increase the epoch for a package, + please consult the debian-devel mailing list. + . + Lintian looks in this version's changelog entry for the phrase "epoch". diff --git a/tags/e/epoch-changed-but-upstream-version-did-not-go-backwards.tag b/tags/e/epoch-changed-but-upstream-version-did-not-go-backwards.tag new file mode 100644 index 0000000..83a8de7 --- /dev/null +++ b/tags/e/epoch-changed-but-upstream-version-did-not-go-backwards.tag @@ -0,0 +1,27 @@ +Tag: epoch-changed-but-upstream-version-did-not-go-backwards +Severity: error +Check: debian/changelog +Explanation: The previous version of this package had a different version epoch + to the current version but the upstream version did not go "backwards". + For example, the previous package version was "1:1.0-1" and the current + version is "2:2.0-1". + . + This was likely an accidental bump or addition of an epoch. + . + Epochs exist to cope with changes to the upstream version numbering + scheme. Whilst they are a powerful tool, increasing or adding an epoch + has many downsides including causing issues with versioned dependencies, + being misleading to users and being aesthetically unappealing. Whilst + they should be avoided, valid reasons to add or increment the epoch + include: + . + - Upstream changed their versioning scheme in a way that makes the + latest version lower than the previous one. + - You need to permanently revert to a lower upstream version. + . + Temporary revertions (eg. after an NMU) should use not modify or + introduce an epoch - please use the <code>CURRENT+reallyFORMER</code> until + you can upload the latest version again. + . + If you are unsure whether you need to increase the epoch for a package, + please consult the debian-devel mailing list. diff --git a/tags/e/essential-in-source-package.tag b/tags/e/essential-in-source-package.tag new file mode 100644 index 0000000..b13a894 --- /dev/null +++ b/tags/e/essential-in-source-package.tag @@ -0,0 +1,5 @@ +Tag: essential-in-source-package +Severity: error +Check: fields/essential +Explanation: This field should only appear in binary packages. +See-Also: debian-policy 5.6.9 diff --git a/tags/e/essential-no-not-needed.tag b/tags/e/essential-no-not-needed.tag new file mode 100644 index 0000000..2c82180 --- /dev/null +++ b/tags/e/essential-no-not-needed.tag @@ -0,0 +1,6 @@ +Tag: essential-no-not-needed +Severity: warning +Check: fields/essential +Explanation: Having "Essential: no" is the same as not having the field at all, + so it just makes the Packages file longer with no benefit. +See-Also: debian-policy 5.6.9 diff --git a/tags/e/example-incorrect-path-for-interpreter.tag b/tags/e/example-incorrect-path-for-interpreter.tag new file mode 100644 index 0000000..0607a4d --- /dev/null +++ b/tags/e/example-incorrect-path-for-interpreter.tag @@ -0,0 +1,14 @@ +Tag: example-incorrect-path-for-interpreter +Severity: info +Check: scripts +Explanation: The interpreter used by this example script is installed at another + location on Debian systems. Normally the path should be updated to match + the Debian location. + . + Whilst the script may work, it is in violation of Debian Policy. This + may have been caused by usrmerge. + . + Note that, as a particular exception, Debian Policy § 10.4 states that + Perl scripts should use <code>/usr/bin/perl</code> directly and not + <code>/usr/bin/env</code>, etc. +See-Also: debian-policy 10.4, https://wiki.debian.org/UsrMerge diff --git a/tags/e/example-interpreter-in-usr-local.tag b/tags/e/example-interpreter-in-usr-local.tag new file mode 100644 index 0000000..9952f8d --- /dev/null +++ b/tags/e/example-interpreter-in-usr-local.tag @@ -0,0 +1,7 @@ +Tag: example-interpreter-in-usr-local +Severity: pedantic +Check: scripts +Explanation: This package contains an example script that looks for an + interpreter in a directory in /usr/local. Since Debian does not install + anything in /usr/local, the example script would probably need + modifications before a user could run it. diff --git a/tags/e/example-interpreter-not-absolute.tag b/tags/e/example-interpreter-not-absolute.tag new file mode 100644 index 0000000..a35e21b --- /dev/null +++ b/tags/e/example-interpreter-not-absolute.tag @@ -0,0 +1,9 @@ +Tag: example-interpreter-not-absolute +Severity: info +Check: scripts +Explanation: This example script uses a relative path to locate its interpreter. + This path will be taken relative to the caller's current directory, not + the script's, so a user will probably not be able to run the example + without modification. This tag can also be caused by script headers like + <code>#!@BASH@</code>, which usually mean that the examples were copied out + of the source tree before proper Autoconf path substitution. diff --git a/tags/e/example-script-uses-bin-env.tag b/tags/e/example-script-uses-bin-env.tag new file mode 100644 index 0000000..3b8aab8 --- /dev/null +++ b/tags/e/example-script-uses-bin-env.tag @@ -0,0 +1,7 @@ +Tag: example-script-uses-bin-env +Severity: info +Check: scripts +Explanation: This example script uses /bin/env as its interpreter (used to find + the actual interpreter on the user's path). There is no /bin/env on + Debian systems; env is instead installed as /usr/bin/env. Usually, the + path to env in the script should be changed. diff --git a/tags/e/example-script-uses-deprecated-nodejs-location.tag b/tags/e/example-script-uses-deprecated-nodejs-location.tag new file mode 100644 index 0000000..5009bd8 --- /dev/null +++ b/tags/e/example-script-uses-deprecated-nodejs-location.tag @@ -0,0 +1,14 @@ +Tag: example-script-uses-deprecated-nodejs-location +Severity: warning +Check: scripts +Explanation: You used <code>/usr/bin/nodejs</code> or <code>/usr/bin/env nodejs</code> as an + interpreter for an example script. + . + The <code>/usr/bin/node</code> binary was previously provided by + <code>ax25-node</code> and packages were required to use <code>/usr/bin/nodejs</code> + instead. <code>ax25-node</code> has since been removed from the archive and the + <code>nodejs</code> package now ships the <code>/usr/bin/node</code> binary to match + the rest of the Node.js ecosystem. + . + Please update your package to use the <code>node</code> variant. +See-Also: Bug#614907, Bug#862051 diff --git a/tags/e/example-script-without-interpreter.tag b/tags/e/example-script-without-interpreter.tag new file mode 100644 index 0000000..4766194 --- /dev/null +++ b/tags/e/example-script-without-interpreter.tag @@ -0,0 +1,5 @@ +Tag: example-script-without-interpreter +Severity: info +Check: scripts +Explanation: This example file starts with the #! sequence that identifies + scripts, but it does not name an interpreter. diff --git a/tags/e/example-shell-script-fails-syntax-check.tag b/tags/e/example-shell-script-fails-syntax-check.tag new file mode 100644 index 0000000..54ac0b8 --- /dev/null +++ b/tags/e/example-shell-script-fails-syntax-check.tag @@ -0,0 +1,12 @@ +Tag: example-shell-script-fails-syntax-check +Severity: pedantic +Check: script/syntax +Explanation: Running this shell script with the shell's -n option set fails, + which means that the script has syntax errors. The most common cause of + this problem is a script expecting <code>/bin/sh</code> to be bash checked on + a system using dash as <code>/bin/sh</code>. + . + Run e.g. <code>sh -n yourscript</code> to see the errors yourself. + . + Note this can have false-positives, for an example with bash scripts + using "extglob". diff --git a/tags/e/example-unusual-interpreter.tag b/tags/e/example-unusual-interpreter.tag new file mode 100644 index 0000000..4081a98 --- /dev/null +++ b/tags/e/example-unusual-interpreter.tag @@ -0,0 +1,6 @@ +Tag: example-unusual-interpreter +Severity: pedantic +Check: scripts +Explanation: This package contains an example script for an interpreter that + is not shipped in the package and is not known to Lintian. It is + possible that there is a typo or the interpreter is not executable. diff --git a/tags/e/example-wrong-path-for-interpreter.tag b/tags/e/example-wrong-path-for-interpreter.tag new file mode 100644 index 0000000..b507908 --- /dev/null +++ b/tags/e/example-wrong-path-for-interpreter.tag @@ -0,0 +1,10 @@ +Tag: example-wrong-path-for-interpreter +Severity: info +Check: scripts +Explanation: The interpreter used by this example script is installed at another + location on Debian systems. Normally the path should be updated to match + the Debian location. + . + Note that, as a particular exception, Debian Policy § 10.4 states that + Perl scripts should use <code>/usr/bin/perl</code> directly and not + <code>/usr/bin/env</code>, etc. diff --git a/tags/e/excessive-debhelper-overrides.tag b/tags/e/excessive-debhelper-overrides.tag new file mode 100644 index 0000000..7b396e3 --- /dev/null +++ b/tags/e/excessive-debhelper-overrides.tag @@ -0,0 +1,24 @@ +Tag: excessive-debhelper-overrides +Severity: warning +Check: debhelper +Explanation: The <code>debian/rules</code> file appears to include a suspiciously + high number of <code>override_dh_</code>-style overrides. + . + It is likely that is this was intended to optimise package builds by + introducing "no-op" overrides that avoid specific debhelper commands. + . + However, whilst using overrides are not a problem per-se, such a list + is usually subject to constant revision, prevents future debhelper + versions fixing archive-wide problems, adds unnecessary + noise/distraction for anyone reviewing the package, and increases the + package's "bus factor". It is, in addition, aesthetically displeasing. + . + Furthermore, this is typically a premature optimisation. debhelper already + includes optimizations to avoid running commands when unnecessary. If you find + a debhelper command taking unnecessarily long when it has no work to do, + please work with the debhelper developers to help debhelper skip that command + in more circumstances, optimizing not only your package build but everyone + else's as well. + . + Please remove the unnecessary overrides. +See-Also: debhelper(7), dh(1) diff --git a/tags/e/excessive-priority-for-library-package.tag b/tags/e/excessive-priority-for-library-package.tag new file mode 100644 index 0000000..e887f26 --- /dev/null +++ b/tags/e/excessive-priority-for-library-package.tag @@ -0,0 +1,12 @@ +Tag: excessive-priority-for-library-package +Severity: warning +Check: fields/priority +Explanation: The given package appears to be a library package, but it has "Priority" + of "required", "important", or "standard". + . + In general, a library package should only get pulled in on a system because + some other package depends on it; no library package needs installation on a + system where nothing uses it. + . + Please update <code>debian/control</code> and downgrade the severity to, for + example, <code>Priority: optional</code>. diff --git a/tags/e/executable-debhelper-file-without-being-executable.tag b/tags/e/executable-debhelper-file-without-being-executable.tag new file mode 100644 index 0000000..f5e2760 --- /dev/null +++ b/tags/e/executable-debhelper-file-without-being-executable.tag @@ -0,0 +1,8 @@ +Tag: executable-debhelper-file-without-being-executable +Severity: error +Check: debhelper +Explanation: The packaging file is marked executable, but it does not appear to be + executable (e.g. it has no #! line). + . + If debhelper file is not supposed to be executable, please remove the + executable bit from it. diff --git a/tags/e/executable-desktop-file.tag b/tags/e/executable-desktop-file.tag new file mode 100644 index 0000000..b74be86 --- /dev/null +++ b/tags/e/executable-desktop-file.tag @@ -0,0 +1,7 @@ +Tag: executable-desktop-file +Severity: error +Check: menu-format +Explanation: The desktop entry file is marked executable. + . + Desktop entries are regular files. They should be installed with file permissions of + mode <code>0644</code>. diff --git a/tags/e/executable-in-usr-lib.tag b/tags/e/executable-in-usr-lib.tag new file mode 100644 index 0000000..307ba7f --- /dev/null +++ b/tags/e/executable-in-usr-lib.tag @@ -0,0 +1,41 @@ +Tag: executable-in-usr-lib +Severity: pedantic +Experimental: yes +Check: files/permissions/usr-lib +Explanation: The package ships an executable file in /usr/lib. + . + Please move the file to <code>/usr/libexec</code>. + . + With policy revision 4.1.5, Debian adopted the Filesystem + Hierarchy Specification (FHS) version 3.0. + . + The FHS 3.0 describes <code>/usr/libexec</code>. Please use that + location for executables. +See-Also: + debian-policy 9.1.1, + filesystem-hierarchy, + https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s07.html, + Bug#954149 + +Screen: emacs/elpa/scripts +Advocates: David Bremner <bremner@debian.org> +Reason: The <code>emacsen-common</code> package places installation + and removal scripts, which for ELPA packages are executable, + in the folder <code>/usr/lib/emacsen-common/packages</code>. + . + About four hundred installation packages are affected. All of + them declare <code>emacsen-common</code> as an installation + prerequisite. +See-Also: + Bug#974175, + Bug#954149 + +Screen: web/cgi/scripts +Advocates: Andrius Merkys <merkys@debian.org> +Reason: The folder <code>/usr/lib/cgi-bin/</code> is designated for + scripts in the Common Gateway Interface (CGI). They require the + executable bit so the server can run them. +See-Also: + https://en.wikipedia.org/wiki/Common_Gateway_Interface, + https://datatracker.ietf.org/doc/html/rfc3875.html, + Bug#1003941 diff --git a/tags/e/executable-in-usr-share-doc.tag b/tags/e/executable-in-usr-share-doc.tag new file mode 100644 index 0000000..b3a15f3 --- /dev/null +++ b/tags/e/executable-in-usr-share-doc.tag @@ -0,0 +1,6 @@ +Tag: executable-in-usr-share-doc +Severity: error +Check: documentation +Explanation: Usually, documentation files in <code>/usr/share/doc</code> should have mode + 0644. If the executable is an example, it should go in + <code>/usr/share/doc/*pkg*/examples</code>. diff --git a/tags/e/executable-in-usr-share-docbase.tag b/tags/e/executable-in-usr-share-docbase.tag new file mode 100644 index 0000000..5b7f72c --- /dev/null +++ b/tags/e/executable-in-usr-share-docbase.tag @@ -0,0 +1,4 @@ +Tag: executable-in-usr-share-docbase +Severity: error +Check: menus +Explanation: Files in <code>/usr/share/doc-base</code> may not be marked as executables. diff --git a/tags/e/executable-is-not-world-readable.tag b/tags/e/executable-is-not-world-readable.tag new file mode 100644 index 0000000..517ea3b --- /dev/null +++ b/tags/e/executable-is-not-world-readable.tag @@ -0,0 +1,9 @@ +Tag: executable-is-not-world-readable +Severity: warning +Check: files/permissions +Explanation: All executables should be readable by any user. Since anyone can + download the Debian package and obtain a copy of the executable, no + security is gained by making the executable unreadable even for setuid + binaries. If only members of a certain group may execute this file, + remove execute permission for world, but leave read permission. +See-Also: debian-policy 10.9 diff --git a/tags/e/executable-jar-without-main-class.tag b/tags/e/executable-jar-without-main-class.tag new file mode 100644 index 0000000..4f4d92d --- /dev/null +++ b/tags/e/executable-jar-without-main-class.tag @@ -0,0 +1,5 @@ +Tag: executable-jar-without-main-class +Severity: error +Check: languages/java +See-Also: java-policy 2.2 +Explanation: An executable JAR must have a Main-Class set in its manifest. diff --git a/tags/e/executable-manual-page.tag b/tags/e/executable-manual-page.tag new file mode 100644 index 0000000..873f16d --- /dev/null +++ b/tags/e/executable-manual-page.tag @@ -0,0 +1,5 @@ +Tag: executable-manual-page +Severity: error +Check: documentation/manual +Renamed-From: executable-manpage +Explanation: Manual pages are not meant to be executed. diff --git a/tags/e/executable-menu-file.tag b/tags/e/executable-menu-file.tag new file mode 100644 index 0000000..fae9ad2 --- /dev/null +++ b/tags/e/executable-menu-file.tag @@ -0,0 +1,6 @@ +Tag: executable-menu-file +Severity: warning +Check: menus +Explanation: Menu files should not be marked as executables. + . + Packages only need to do that when menu entries are generated on the fly. diff --git a/tags/e/executable-not-elf-or-script.tag b/tags/e/executable-not-elf-or-script.tag new file mode 100644 index 0000000..cdf56ed --- /dev/null +++ b/tags/e/executable-not-elf-or-script.tag @@ -0,0 +1,13 @@ +Tag: executable-not-elf-or-script +Severity: warning +Check: executable +Explanation: This executable file is not an ELF format binary, and does not start + with the #! sequence that marks interpreted scripts. It might be a sh + script that fails to name /bin/sh as its shell, or it may be incorrectly + marked as executable. Sometimes upstream files developed on Windows are + marked unnecessarily as executable on other systems. + . + If you are using debhelper to build your package, running dh_fixperms will + often correct this problem for you. +See-Also: + debian-policy 10.4 diff --git a/tags/e/executable-stack-in-shared-library.tag b/tags/e/executable-stack-in-shared-library.tag new file mode 100644 index 0000000..bc5544b --- /dev/null +++ b/tags/e/executable-stack-in-shared-library.tag @@ -0,0 +1,20 @@ +Tag: executable-stack-in-shared-library +Severity: warning +Check: libraries/shared/stack +Renamed-From: + shlib-with-executable-stack +Explanation: The listed shared library declares the stack as executable. + . + Executable stack is usually an error as it is only needed if the code + contains GCC trampolines or similar constructs which uses code on the + stack. One possible source for false positives are object files built + from assembler files which don't define a proper .note.GNU-stack + section. + . + To see the permissions on the stack, run <code>readelf -l</code> on the + shared library and look for the program header of type GNU_STACK. In the + flag column, there should not be an E flag set. + . + This tag is currently not emitted on MIPS architectures. +See-Also: https://bugs.debian.org/1025436, + https://bugs.debian.org/1022787 diff --git a/tags/e/exit-in-shared-library.tag b/tags/e/exit-in-shared-library.tag new file mode 100644 index 0000000..9e0657a --- /dev/null +++ b/tags/e/exit-in-shared-library.tag @@ -0,0 +1,15 @@ +Tag: exit-in-shared-library +Severity: info +Check: libraries/shared/exit +Experimental: yes +Renamed-From: + shlib-calls-exit +Explanation: The listed shared library calls the C library exit() or _exit() + functions. + . + In the case of an error, the library should instead return an appropriate + error code to the calling program which can then determine how to handle + the error, including performing any required clean-up. + . + In most cases, removing the call should be discussed with upstream, + particularly as it may produce an ABI change. diff --git a/tags/e/experimental-to-unstable-without-comment.tag b/tags/e/experimental-to-unstable-without-comment.tag new file mode 100644 index 0000000..67a4725 --- /dev/null +++ b/tags/e/experimental-to-unstable-without-comment.tag @@ -0,0 +1,13 @@ +Tag: experimental-to-unstable-without-comment +Severity: pedantic +Check: debian/changelog +Explanation: The previous version of this package had a distribution of + "experimental", this version has a distribution of "unstable", and there's + apparently no comment about the change of distributions. + . + Lintian looks in this version's changelog entry for the phrase "to + unstable" or "to sid", with or without quotation marks around the + distribution name. + . + This may indicate a mistake in setting the distribution and an accidental + upload to unstable of a package intended for experimental. diff --git a/tags/e/explicit-default-in-package-type.tag b/tags/e/explicit-default-in-package-type.tag new file mode 100644 index 0000000..57dbb84 --- /dev/null +++ b/tags/e/explicit-default-in-package-type.tag @@ -0,0 +1,7 @@ +Tag: explicit-default-in-package-type +Severity: warning +Check: fields/package-type +Explanation: Having <code>Package-Type: deb</code> is the same as not having + the field at all, so it makes the Packages file longer with no + benefit. Policy also discourages it. +See-Also: debian-policy 5.6.28 diff --git a/tags/e/explicitly-armored-upstream-signature.tag b/tags/e/explicitly-armored-upstream-signature.tag new file mode 100644 index 0000000..1b9a601 --- /dev/null +++ b/tags/e/explicitly-armored-upstream-signature.tag @@ -0,0 +1,7 @@ +Tag: explicitly-armored-upstream-signature +Severity: warning +Check: upstream-signature +Explanation: The packaging includes a detached upstream signature file that was armored + explicitly using <code>gpg --enarmor</code>. That is likely an error. + . + Please generate the signature with <code>gpg --armor --detach-sig</code> instead. diff --git a/tags/e/extended-description-contains-empty-paragraph.tag b/tags/e/extended-description-contains-empty-paragraph.tag new file mode 100644 index 0000000..e1567ce --- /dev/null +++ b/tags/e/extended-description-contains-empty-paragraph.tag @@ -0,0 +1,5 @@ +Tag: extended-description-contains-empty-paragraph +Severity: warning +Check: fields/description +Explanation: The extended description (the lines after the first line of the + "Description:" field) contains an empty paragraph. diff --git a/tags/e/extended-description-is-empty.tag b/tags/e/extended-description-is-empty.tag new file mode 100644 index 0000000..16bf9df --- /dev/null +++ b/tags/e/extended-description-is-empty.tag @@ -0,0 +1,6 @@ +Tag: extended-description-is-empty +Severity: error +Check: fields/description +Explanation: The extended description (the lines after the first line of the + "Description:" field) is empty. +See-Also: debian-policy 3.4 diff --git a/tags/e/extended-description-is-probably-too-short.tag b/tags/e/extended-description-is-probably-too-short.tag new file mode 100644 index 0000000..9401072 --- /dev/null +++ b/tags/e/extended-description-is-probably-too-short.tag @@ -0,0 +1,10 @@ +Tag: extended-description-is-probably-too-short +Severity: info +Check: fields/description +See-Also: developer-reference 6.2.1, developer-reference 6.2.3 +Explanation: The extended description (the lines after the first line of the + "Description:" field) is only one or two lines long. The extended + description should provide a user with enough information to decide + whether they want to install this package, what it contains, and how it + compares to similar packages. One or two lines is normally not enough to + do this. diff --git a/tags/e/extended-description-line-too-long.tag b/tags/e/extended-description-line-too-long.tag new file mode 100644 index 0000000..a9ce1c2 --- /dev/null +++ b/tags/e/extended-description-line-too-long.tag @@ -0,0 +1,8 @@ +Tag: extended-description-line-too-long +Severity: warning +Check: fields/description +Explanation: One or more lines in the extended part of the "Description:" field + have been found to contain more than 80 characters. For the benefit of + users of 80x25 terminals, it is recommended that the lines do not exceed + 80 characters. +See-Also: debian-policy 3.4.1 diff --git a/tags/e/extra-license-file.tag b/tags/e/extra-license-file.tag new file mode 100644 index 0000000..dc23680 --- /dev/null +++ b/tags/e/extra-license-file.tag @@ -0,0 +1,7 @@ +Tag: extra-license-file +Severity: info +Check: files/licenses +See-Also: debian-policy 12.5 +Explanation: All license information should be collected in the + <code>debian/copyright</code> file. This usually makes it unnecessary + for the package to install this information in other places as well. diff --git a/tags/e/extra-whitespace-around-name-in-changelog-trailer.tag b/tags/e/extra-whitespace-around-name-in-changelog-trailer.tag new file mode 100644 index 0000000..b427ee2 --- /dev/null +++ b/tags/e/extra-whitespace-around-name-in-changelog-trailer.tag @@ -0,0 +1,10 @@ +Tag: extra-whitespace-around-name-in-changelog-trailer +Severity: warning +Check: nmu +Explanation: There is too much whitespace around the name in debian/changelog. + . + The format is: + -- NAME <EMAIL> DATE + . + Note that there must be exactly 1 space after the "--" and exactly + 2 spaces before the "DATE". |