Lintian is a static analysis tool for Debian packages, reporting on various errors, omissions and general quality-assurance issues to maintainers.
I've previously written about my exploits with Lintian as well as authoring a short tutorial on how to write your own Lintian check.
Anyway, I recently uploaded version 2.5.53 about two months since previous release. The biggest changes you may notice are supporting the latest version of the Debian Policy as well the addition of checks to encourage the migration to Python 3.
Thanks to all who contributed patches, code review and bug reports to this release. The full changelog is as follows:
lintian (2.5.53) unstable; urgency=medium
The "we are all Perl developers now" release.
* Summary of tag changes:
+ Added:
- alternatively-build-depends-on-python-sphinx-and-python3-sphinx
- build-depends-on-python-sphinx-only
- dependency-on-python-version-marked-for-end-of-life
- maintainer-script-interpreter
- missing-call-to-dpkg-maintscript-helper
- node-package-install-in-nodejs-rootdir
- override-file-in-wrong-package
- package-installs-java-bytecode
- python-foo-but-no-python3-foo
- script-needs-depends-on-sensible-utils
- script-uses-deprecated-nodejs-location
- transitional-package-should-be-oldlibs-optional
- unnecessary-testsuite-autopkgtest-header
- vcs-browser-links-to-empty-view
+ Removed:
- debug-package-should-be-priority-extra
- missing-classpath
- transitional-package-should-be-oldlibs-extra
* checks/apache2.pm:
+ [CL] Fix an apache2-unparsable-dependency false positive by allowing
periods (".") in dependency names. (Closes: #873701)
* checks/binaries.pm:
+ [CL] Apply patches from Guillem Jover & Boud Roukema to improve the
description of the binary-file-built-without-LFS-support tag.
(Closes: #874078)
* checks/changes.{pm,desc}:
+ [CL] Ignore DFSG-repacked packages when checking for upstream
source tarball signatures as they will never match by definition.
(Closes: #871957)
+ [CL] Downgrade severity of orig-tarball-missing-upstream-signature
from "E:" to "W:" as many common tools do not make including the
signatures easy enough right now. (Closes: #870722, #870069)
+ [CL] Expand the explanation of the
orig-tarball-missing-upstream-signature tag to include the location
of where dpkg-source will look. Thanks to Theodore Ts'o for the
suggestion.
* checks/copyright-file.pm:
+ [CL] Address a number of issues in copyright-year-in-future:
- Prevent false positives in port numbers, email addresses, ISO
standard numbers and matching specific and general street
addresses. (Closes: #869788)
- Match all violating years in a line, not just the first (eg.
"2000-2107").
- Ignore meta copyright statements such as "Original Author". Thanks
to Thorsten Alteholz for the bug report. (Closes: #873323)
- Expand testsuite.
* checks/cruft.{pm,desc}:
+ [CL] Downgrade severity of file-contains-fixme-placeholder
tag from "important" (ie. "E:") to "wishlist" (ie. "I:").
Thanks to Gregor Herrmann for the suggestion.
+ [CL] Apply patch from Alex Muntada (alexm) to use "substr" instead
of "substring" in mentions-deprecated-usr-lib-perl5-directory's
description. (Closes: #871767)
+ [CL] Don't check copyright_hints file for FIXME placeholders.
(Closes: #872843)
+ [CL] Don't match quoted "FIXME" variants as they are almost always
deliberate. Thanks to Adrian Bunk for the report. (Closes: #870199)
+ [CL] Avoid false positives in missing source checks for "CSS Browser
Selector". (Closes: #874381)
* checks/debhelper.pm:
+ [CL] Prevent a false positive of
missing-build-dependency-for-dh_-command that can be exposed by
following the advice for the recently added
useless-autoreconf-build-depends tag. (Closes: #869541)
* checks/debian-readme.{pm,desc}:
+ [CL] Ensure readme-debian-contains-debmake-template also checks
for templates "Automatically generated by debmake".
* checks/description.{desc,pm}:
+ [CL] Clarify explanation of description-starts-with-leading-spaces
tag. Thanks to Taylor Kline for the report
and patch. (Closes: #849622)
+ [NT] Skip capitalization-error-in-description-synopsis for
auto-generated packages (such as dbgsym packages).
* checks/fields.{desc,pm}:
+ [CL] Ensure that python3-foo packages have "Section: python", not
just python2-foo. (Closes: #870272)
+ [RG] Do no longer require debug packages to be priority extra.
+ [BR] Use Lintian::Data for name/section mapping
+ [CL] Check for packages including "?rev=0&sc=0" in Vcs-Browser.
(Closes: #681713)
+ [NT] Transitional packages should now be "oldlibs/optional" rather
than "oldlibs/extra". The related tag has been renamed accordingly.
* checks/filename-length.pm:
+ [NT] Skip the check on auto-generated binary packages (such as
dbgsym packages).
* checks/files.{pm,desc}:
+ [BR] Avoid privacy-breach-generic false positives for legal.xml.
+ [BR] Detect install of node package under /usr/lib/nodejs/[^/]*$
+ [CL] Check for packages shipping compiled Java class files. Thanks
Carnë Draug . (Closes: #873211)
+ [BR] Privacy breach is no longer experimental.
* checks/init.d.desc:
+ [RG] Do not recommend a versioned dependency on lsb-base in
init.d-script-needs-depends-on-lsb-base. (Closes: #847144)
* checks/java.pm:
+ [CL] Additionally consider .cljc files as code to avoid false-
positive codeless-jar warnings. (Closes: #870649)
+ [CL] Drop problematic missing-classpath check. (Closes: #857123)
* checks/menu-format.desc:
+ [CL] Prevent false positives in desktop-entry-lacks-keywords-entry
for "Link" and "Directory" .desktop files. (Closes: #873702)
* checks/python.{pm,desc}:
+ [CL] Split out Python checks from "scripts" check to a new, source
check of type "source".
+ [CL] Check for python-foo without corresponding python3-foo packages
to assist in Python 2.x deprecation. (Closes: #870681)
+ [CL] Check for packages that Build-Depend on python-sphinx only.
(Closes: #870730)
+ [CL] Check for packages that alternatively Build-Depend on the
Python 2 and Python 3 versions of Sphinx. (Closes: #870758)
+ [CL] Check for binary packages that depend on Python 2.x.
(Closes: #870822)
* checks/scripts.pm:
+ [CL] Correct false positives in
unconditional-use-of-dpkg-statoverride by detecting "if !" as a
valid shell prefix. (Closes: #869587)
+ [CL] Check for missing calls to dpkg-maintscript-helper(1) in
maintainer scripts. (Closes: #872042)
+ [CL] Check for packages using sensible-utils without declaring a
dependency after its split from debianutils. (Closes: #872611)
+ [CL] Warn about scripts using "nodejs" as an interpreter now that
nodejs provides /usr/bin/node. (Closes: #873096)
+ [BR] Add a statistic tag giving interpreter.
* checks/testsuite.{desc,pm}:
+ [CL] Remove recommendations to add a "Testsuite: autopkgtest" field
to debian/control as it is added when needed by dpkg-source(1)
since dpkg 1.17.1. (Closes: #865531)
+ [CL] Warn if we see an unnecessary "Testsuite: autopkgtest" header
in debian/control.
+ [NT] Recognise "autopkgtest-pkg-go" as a valid test suite.
+ [CL] Recognise "autopkgtest-pkg-elpa" as a valid test suite.
(Closes: #873458)
+ [CL] Recognise "autopkgtest-pkg-octave" as a valid test suite.
(Closes: #875985)
+ [CL] Update the description of unknown-testsuite to reflect that
"autopkgtest" is not the only valid value; the referenced URL
is out-of-date (filed as #876008). (Closes: #876003)
* data/binaries/embedded-libs:
+ [RG] Detect embedded copies of heimdal, libgxps, libquicktime,
libsass, libytnef, and taglib.
+ [RG] Use an additional string to detect embedded copies of
openjpeg2. (Closes: #762956)
* data/fields/name_section_mappings:
+ [BR] node- package section is javascript.
+ [CL] Apply patch from Guillem Jover to add more section mappings.
(Closes: #874121)
* data/fields/obsolete-packages:
+ [MR] Add dh-systemd. (Closes: #872076)
* data/fields/perl-provides:
+ [CL] Refresh perl provides.
* data/fields/virtual-packages:
+ [CL] Update data file from archive. This fixes a false positive for
"bacula-director". (Closes: #835120)
* data/files/obsolete-paths:
+ [CL] Add note to /etc/bash_completion.d entry regarding stricter
filename requirements. (Closes: #814599)
* data/files/privacy-breaker-websites:
+ [BR] Detect custom donation logos like apache.
+ [BR] Detect generic counter website.
* data/standards-version/release-dates:
+ [CL] Add 4.0.1 and 4.1.0 as known standards versions.
(Closes: #875509)
* debian/control:
+ [CL] Mention Debian Policy v4.1.0 in the description.
+ [CL] Add myself to Uploaders.
+ [CL] Drop unnecessary "Testsuite: autopkgtest"; this is implied from
debian/tests/control existing.
* commands/info.pm:
+ [CL] Add a --list-tags option to print all tags Lintian knows about.
Thanks to Rajendra Gokhale for the suggestion. (Closes: #779675)
* commands/lintian.pm:
+ [CL] Apply patch from Maia Everett to avoid British spelling when
using en_US locale. (Closes: #868897)
* lib/Lintian/Check.pm:
+ [CL] Stop emitting {maintainer,uploader}-address-causes-mail-loops
for @packages.debian.org addresses. (Closes: #871575)
* lib/Lintian/Collect/Binary.pm:
+ [NT] Introduce an "auto-generated" argument for "is_pkg_class".
* lib/Lintian/Data.pm:
+ [CL] Modify Lintian::Data's "all" to always return keys in insertion
order, dropping dependency on libtie-ixhash-perl.
* helpers/coll/objdump-info-helper:
+ [CL] Apply patch from Steve Langasek to accommodate binutils 2.29
outputting symbols in a different format on ppc64el.
(Closes: #869750)
* t/tests/fields-perl-provides/tags:
+ [CL] Update expected output to match new Perl provides.
* t/tests/files-privacybreach/*:
+ [CL] Add explicit test for packages including external fonts via
the Google Font API. Thanks to Ian Jackson for the report.
(Closes: #873434)
+ [CL] Add explicit test for packages including external fonts via
the Typekit API via <script/> HTML tags.
* t/tests/*/desc:
+ [CL] Add missing entries in "Test-For" fields to make
development/testing workflow less error-prone.
* private/generate-tag-summary:
+ [CL] git-describe(1) will usually emit 7 hexadecimal digits as the
abbreviated object name, However, as this can be user-dependent,
pass --abbrev=0 to ensure it does not vary between systems. This
also means we do not need to strip it ourselves.
* private/refresh-*:
+ [CL] Use deb.debian.org as the default mirror.
+ [CL] Update locations of Contents-<arch> files; they are now
namespaced by distribution (eg. "main").
-- Chris Lamb <lamby@debian.org> Wed, 20 Sep 2017 09:25:06 +0100