From 75808db17caf8b960b351e3408e74142f4c85aac Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 14 Apr 2024 15:42:30 +0200 Subject: Adding upstream version 2.117.0. Signed-off-by: Daniel Baumann --- tags/v/vcs-browser-links-to-empty-view.tag | 7 ++++ tags/v/vcs-field-bitrotted.tag | 9 +++++ tags/v/vcs-field-has-unexpected-spaces.tag | 11 ++++++ tags/v/vcs-field-mismatch.tag | 9 +++++ tags/v/vcs-field-not-canonical.tag | 10 ++++++ tags/v/vcs-field-uses-insecure-uri.tag | 11 ++++++ .../vcs-field-uses-not-recommended-uri-format.tag | 10 ++++++ tags/v/vcs-field-uses-unknown-uri-format.tag | 5 +++ tags/v/vcs-fields-use-more-than-one-vcs.tag | 4 +++ tags/v/vcs-git-uses-invalid-user-uri.tag | 8 +++++ tags/v/vcs-obsolete-in-debian-infrastructure.tag | 16 +++++++++ tags/v/vcs-uri.tag | 5 +++ tags/v/vcs.tag | 5 +++ tags/v/version-refers-to-distribution.tag | 14 ++++++++ tags/v/version-substvar-for-external-package.tag | 8 +++++ tags/v/very-long-line-length-in-source-file.tag | 42 ++++++++++++++++++++++ tags/v/vim-addon-within-vim-runtime-path.tag | 7 ++++ ...ackage-depends-without-real-package-depends.tag | 14 ++++++++ 18 files changed, 195 insertions(+) create mode 100644 tags/v/vcs-browser-links-to-empty-view.tag create mode 100644 tags/v/vcs-field-bitrotted.tag create mode 100644 tags/v/vcs-field-has-unexpected-spaces.tag create mode 100644 tags/v/vcs-field-mismatch.tag create mode 100644 tags/v/vcs-field-not-canonical.tag create mode 100644 tags/v/vcs-field-uses-insecure-uri.tag create mode 100644 tags/v/vcs-field-uses-not-recommended-uri-format.tag create mode 100644 tags/v/vcs-field-uses-unknown-uri-format.tag create mode 100644 tags/v/vcs-fields-use-more-than-one-vcs.tag create mode 100644 tags/v/vcs-git-uses-invalid-user-uri.tag create mode 100644 tags/v/vcs-obsolete-in-debian-infrastructure.tag create mode 100644 tags/v/vcs-uri.tag create mode 100644 tags/v/vcs.tag create mode 100644 tags/v/version-refers-to-distribution.tag create mode 100644 tags/v/version-substvar-for-external-package.tag create mode 100644 tags/v/very-long-line-length-in-source-file.tag create mode 100644 tags/v/vim-addon-within-vim-runtime-path.tag create mode 100644 tags/v/virtual-package-depends-without-real-package-depends.tag (limited to 'tags/v') diff --git a/tags/v/vcs-browser-links-to-empty-view.tag b/tags/v/vcs-browser-links-to-empty-view.tag new file mode 100644 index 0000000..aedcdb7 --- /dev/null +++ b/tags/v/vcs-browser-links-to-empty-view.tag @@ -0,0 +1,7 @@ +Tag: vcs-browser-links-to-empty-view +Severity: warning +Check: fields/vcs +Explanation: The VCS-Browser links to an empty view of the repository due to it + including a suffix such as ?rev=0&sc=0. + . + You should remove this suffix from the field. diff --git a/tags/v/vcs-field-bitrotted.tag b/tags/v/vcs-field-bitrotted.tag new file mode 100644 index 0000000..905a602 --- /dev/null +++ b/tags/v/vcs-field-bitrotted.tag @@ -0,0 +1,9 @@ +Tag: vcs-field-bitrotted +Severity: warning +Check: fields/vcs +Explanation: The VCS-* field uses an address which no longer works. Please + update it to use the current canonical URI instead. + . + Note that this check is based on a list of known URIs or/and + patterns. Lintian did not send an HTTP request to the URI to test + this. diff --git a/tags/v/vcs-field-has-unexpected-spaces.tag b/tags/v/vcs-field-has-unexpected-spaces.tag new file mode 100644 index 0000000..63c7c5a --- /dev/null +++ b/tags/v/vcs-field-has-unexpected-spaces.tag @@ -0,0 +1,11 @@ +Tag: vcs-field-has-unexpected-spaces +Severity: warning +Check: fields/vcs +Explanation: The VCS-* field contains more spaces than expected or spaces at + places where they were not expected. Where possible, escape valid + spaces in URIs to avoid any ambiguity with respect to possible future + additional optional fields. + . + This may be caused by incorrect use of the -b branch + separator. +See-Also: debian-policy 5.6.26 diff --git a/tags/v/vcs-field-mismatch.tag b/tags/v/vcs-field-mismatch.tag new file mode 100644 index 0000000..5b12288 --- /dev/null +++ b/tags/v/vcs-field-mismatch.tag @@ -0,0 +1,9 @@ +Tag: vcs-field-mismatch +Severity: warning +Check: fields/vcs +Explanation: The VCS-* field name appears to mismatch the target URI. + . + You might have moved the Debian packaging to another version control + system but have not updated the field name. For example, using the + Vcs-Svn field to point to a Git repository now hosted on + salsa.debian.org. diff --git a/tags/v/vcs-field-not-canonical.tag b/tags/v/vcs-field-not-canonical.tag new file mode 100644 index 0000000..03acacf --- /dev/null +++ b/tags/v/vcs-field-not-canonical.tag @@ -0,0 +1,10 @@ +Tag: vcs-field-not-canonical +Severity: info +Check: fields/vcs +Explanation: The VCS-* field contains an uncanonical URI. Please update to use + the current canonical URI instead. This reduces the network bandwidth used + and makes debcheckout work independent of the port forwarding and + redirections properly working. + . + Note that this check is based on a list of known URIs. Lintian did not + send an HTTP request to the URI to test this. diff --git a/tags/v/vcs-field-uses-insecure-uri.tag b/tags/v/vcs-field-uses-insecure-uri.tag new file mode 100644 index 0000000..489e28f --- /dev/null +++ b/tags/v/vcs-field-uses-insecure-uri.tag @@ -0,0 +1,11 @@ +Tag: vcs-field-uses-insecure-uri +Severity: info +Check: fields/vcs +Explanation: The Vcs-* field uses an unencrypted transport protocol for the + URI. It is recommended to use a secure transport such as HTTPS for + anonymous read-only access. + . + Note that you can often just exchange e.g. git:// with https:// for + repositories. Though, in some cases (bzr's "lp:" or CVS's pserver) it + might not be possible to use an alternative url and still have a + working (anonymous read-only) repository. diff --git a/tags/v/vcs-field-uses-not-recommended-uri-format.tag b/tags/v/vcs-field-uses-not-recommended-uri-format.tag new file mode 100644 index 0000000..b029573 --- /dev/null +++ b/tags/v/vcs-field-uses-not-recommended-uri-format.tag @@ -0,0 +1,10 @@ +Tag: vcs-field-uses-not-recommended-uri-format +Severity: warning +Check: fields/vcs +Explanation: The VCS-* field uses a URI which doesn't match the recommended + format, but still looks valid. Examples for not recommended URI formats + are protocols that require authentication (like SSH). Instead where + possible you should provide a URI that is accessible for everyone + without authentication. + . + This renders debcheckout(1) unusable in these cases. diff --git a/tags/v/vcs-field-uses-unknown-uri-format.tag b/tags/v/vcs-field-uses-unknown-uri-format.tag new file mode 100644 index 0000000..c016a2b --- /dev/null +++ b/tags/v/vcs-field-uses-unknown-uri-format.tag @@ -0,0 +1,5 @@ +Tag: vcs-field-uses-unknown-uri-format +Severity: warning +Check: fields/vcs +Explanation: The VCS-* field uses an URI which doesn't match any known format. + You might have forgotten the protocol before the hostname. diff --git a/tags/v/vcs-fields-use-more-than-one-vcs.tag b/tags/v/vcs-fields-use-more-than-one-vcs.tag new file mode 100644 index 0000000..f89a10b --- /dev/null +++ b/tags/v/vcs-fields-use-more-than-one-vcs.tag @@ -0,0 +1,4 @@ +Tag: vcs-fields-use-more-than-one-vcs +Severity: info +Check: fields/vcs +Explanation: The Vcs-* fields mix more than one version control system. diff --git a/tags/v/vcs-git-uses-invalid-user-uri.tag b/tags/v/vcs-git-uses-invalid-user-uri.tag new file mode 100644 index 0000000..0c9ab6b --- /dev/null +++ b/tags/v/vcs-git-uses-invalid-user-uri.tag @@ -0,0 +1,8 @@ +Tag: vcs-git-uses-invalid-user-uri +Severity: warning +Check: fields/vcs +Explanation: The Vcs-Git field is pointing to a personal repository using + a git://(git|anonscm).debian.org/~$LOGIN/$PRJ.git style URI. This is not + recommended since the repository this points is not automatically updated + when pushing to the personal repository. The recommended URI for anonymous + access is https://anonscm.debian.org/git/users/$LOGIN/$PRJ.git. diff --git a/tags/v/vcs-obsolete-in-debian-infrastructure.tag b/tags/v/vcs-obsolete-in-debian-infrastructure.tag new file mode 100644 index 0000000..5bd8448 --- /dev/null +++ b/tags/v/vcs-obsolete-in-debian-infrastructure.tag @@ -0,0 +1,16 @@ +Tag: vcs-obsolete-in-debian-infrastructure +Severity: warning +Check: fields/vcs +Explanation: The specified Vcs-* field points to an area within the *.debian.org + infrastructure but refers to a version control system that has been + deprecated. + . + After 1st May 2018, Debian ceased to offer hosting for any version + control system other than Git and the Alioth service became read-only + in May 2018. Packages should migrate to Git hosting on + https://salsa.debian.org. + . + For further information about salsa.debian.org, including how to add + HTTP redirects from alioth, please consult the Debian Wiki. +See-Also: https://lists.debian.org/debian-devel-announce/2017/08/msg00008.html, + https://wiki.debian.org/Salsa diff --git a/tags/v/vcs-uri.tag b/tags/v/vcs-uri.tag new file mode 100644 index 0000000..27fd63f --- /dev/null +++ b/tags/v/vcs-uri.tag @@ -0,0 +1,5 @@ +Tag: vcs-uri +Severity: classification +Check: fields/vcs +Explanation: The package uses the specified VCS URI according to the + debian/control file. diff --git a/tags/v/vcs.tag b/tags/v/vcs.tag new file mode 100644 index 0000000..95c2da6 --- /dev/null +++ b/tags/v/vcs.tag @@ -0,0 +1,5 @@ +Tag: vcs +Severity: classification +Check: fields/vcs +Explanation: The package uses the specified VCS (eg. "git") according to the + debian/control file. diff --git a/tags/v/version-refers-to-distribution.tag b/tags/v/version-refers-to-distribution.tag new file mode 100644 index 0000000..79d6cc3 --- /dev/null +++ b/tags/v/version-refers-to-distribution.tag @@ -0,0 +1,14 @@ +Tag: version-refers-to-distribution +Severity: warning +Check: debian/changelog +Explanation: The Debian portion of the package version contains a reference to a + particular Debian release or distribution. This should only be done for + uploads targeted at a particular release, not at unstable or + experimental, and should refer to the release by version number or code + name. + . + Using "testing" or "stable" in a package version targeted at the current + testing or stable release is less informative than using the code name or + version number and may cause annoying version sequencing issues if the + package doesn't change before the next release cycle starts. +See-Also: developer-reference 5.14.3 diff --git a/tags/v/version-substvar-for-external-package.tag b/tags/v/version-substvar-for-external-package.tag new file mode 100644 index 0000000..31bba12 --- /dev/null +++ b/tags/v/version-substvar-for-external-package.tag @@ -0,0 +1,8 @@ +Tag: version-substvar-for-external-package +Severity: error +Check: debian/version-substvars +Explanation: The first package has a relation on the second package using a + dpkg-control substitution variable to generate the versioned part of + the relation. However the second package is not built from this + source package. Usually this means there is a mistake or typo in the + package name in this dependency. diff --git a/tags/v/very-long-line-length-in-source-file.tag b/tags/v/very-long-line-length-in-source-file.tag new file mode 100644 index 0000000..507430c --- /dev/null +++ b/tags/v/very-long-line-length-in-source-file.tag @@ -0,0 +1,42 @@ +Tag: very-long-line-length-in-source-file +Experimental: yes +Severity: pedantic +Check: files/contents/line-length +Explanation: The source file includes a line length that is well beyond + the normally human made code line length. + . + This very long line length does not allow Lintian to do + correctly some source file checks. + . + This line could also be the result of some text injected by + a computer program, and thus could lead to FTBFS bugs. + . + Last but not least, long line in source code could be used + to obfuscate the source code and to hide stuff like backdoors + or security problems. + . + It could be due to jslint source comments or other build tool + comments. + . + You may report this issue upstream. +Renamed-From: + insane-line-length-in-source-file + +Screen: autotools/long-lines +Advocates: Russ Allbery +Reason: + Upstream sources using autoconf have traditionally been + distributed with generated ./configure scripts as well as + other third-party m4 macro files such as libtool. + . + When paired with automake, there may also be some intermediate + Makefile.in files. + . + A lot of sources potentially contain such files, but they are not actionable + by either the Debian distributor or by the upstream maintainer. + . + As a side note, modern Debian build protocols will re-create many of those + files via dh_autoreconf. They are present merely to aid in + bootstrapping systems where the GNU suite may not yet be available. +See-Also: + Bug#996740 diff --git a/tags/v/vim-addon-within-vim-runtime-path.tag b/tags/v/vim-addon-within-vim-runtime-path.tag new file mode 100644 index 0000000..dcfd1cf --- /dev/null +++ b/tags/v/vim-addon-within-vim-runtime-path.tag @@ -0,0 +1,7 @@ +Tag: vim-addon-within-vim-runtime-path +Severity: warning +Check: vim +Explanation: Vim addons should not be installed directly under a directory contained + in the Vim runtime path. Users shall be given the freedom to choose which + addons they want to have enabled and which they don't. +See-Also: vim-policy 3.1 diff --git a/tags/v/virtual-package-depends-without-real-package-depends.tag b/tags/v/virtual-package-depends-without-real-package-depends.tag new file mode 100644 index 0000000..c4d0e89 --- /dev/null +++ b/tags/v/virtual-package-depends-without-real-package-depends.tag @@ -0,0 +1,14 @@ +Tag: virtual-package-depends-without-real-package-depends +Severity: warning +Check: fields/package-relations +Explanation: The package declares a depends on a virtual package without listing a + real package as an alternative first. + . + If this package could ever be a build dependency, it should list a real + package as the first alternative to any virtual package in its Depends. + Otherwise, the build daemons will not be able to provide a consistent + build environment. + . + If it will never be a build dependency, this isn't necessary, but you may + want to consider doing so anyway if there is a real package providing + that virtual package that most users will want to use. -- cgit v1.2.3