new Pd packages looking for sponsors
Jonas Smedegaard
dr at jones.dk
Wed Nov 10 21:42:15 UTC 2010
On Wed, Nov 10, 2010 at 02:01:13PM -0300, Felipe Sateler wrote:
>On Wed, Nov 10, 2010 at 03:00, Hans-Christoph Steiner <hans at at.or.at> wrote:
>> pd-list-abs is almost done, just waiting on final sign-off from the
>> upstream author. I guess all new packages with interdependencies
>> need to be uploaded all together?
>
>Ehm, interdependencies (aka circular dependencies) are not allowed. If
>pd-list-abs needs pd-purepd and purepd needs list-abs, you will need to
>break the circular dependency somehow (by splitting binary packages,
>probably).
True.
>But on the more general issue, one cannot upload packages that depend
>on packages not in debian.
Not true: I am pretty sure that I at some point succesfully uploaded a
bunch of Sugar packages built from multiple sources and interdepending.
Tricky part is to setup the build environment properly ;-)
>>> The lintian override in this case is not worth working around IMO
>>> (the image-file-in-usr-lib one). Just override it. Also, in the long
>>> description please elaborate on the objects contained in the
>>> package.
>>
>> Ok, noted for future packages. I figured there might be some
>> security issue with images in /usr/lib since JPEGs have been known to
>> be exploitable.
>
>But how would installing them into usr/share will make them
>unexploitable? Anyways, what is exploitable is a given jpeg viewer, not
>he file format itself.
>Finally, I meant that you should drop it from this package too, not
>only future ones.
The issue, I believe, is not one of exploitable JPEG code but instead of
FHS defining /usr/lib as an area for arch-dependent files. Perhaps put
the files below /usr/share and symlink them to /usr/lib?
NB! I think you can simplify to declare only a single line in the
lintian override file (stripping the varying parts).
Oh, and if not done already, since it is examples they should probably
be symlinked to /usr/share/doc/<package>/examples/
>>> I've been thinking: all packages need to do the same fiddling with
>>> the license and the shlibdeps thingy. Would it be possible to
>>> abstract this in a makefile snippet? Hopefully one that is not tied
>>> to short form dh.
>>
>> That would be possible, but perhaps a patch to dh_shlibdeps would be
>> the way to do it properly?
>
>I'm not quite sure. What do others think?
Sounds best to me to fix it in dh_shlibdeps if possible.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20101110/649e5d76/attachment.pgp>
More information about the pkg-multimedia-maintainers
mailing list