Details about package ada-url

Package uploads

Upload #1

Information

Changelog

 ada-url (2.9.2-1) unstable; urgency=low
 .
   * Initial release. (Closes: #1091933)

QA information

• –
  Package uses debhelper-compat
  Debhelper compatibility level 13
• –
  Package is the latest upstream version

  Local:	2.9.2
  Upstream:	2.9.2
  Url:	https://github.com/ada-url/ada/archive/refs/tags/v2.9.2.tar.gz

• –
  Package is not native

  Format:

  3.0 (quilt)

• –
  "Maintainer" email is the same as the uploader
• –
  Package has lintian informational tags
  ada-url source

  • I out-of-date-standards-version
    • 4.6.1 (released 2022-05-11) (current is 4.7.0)
  • X debian-watch-does-not-check-openpgp-signature
    • [debian/watch]
  • X prefer-uscan-symlink
    • filenamemangle s%(?:.*?/)?v?@ANY_VERSION@$%@PACKAGE@_$1.orig.tar.gz% [debian/watch:5]
  • X update-debian-copyright
    • 2024 vs 2025 [debian/copyright:21]
  • X upstream-metadata-file-is-missing

  libadaurl2

  • I hardening-no-bindnow
    • [usr/lib/x86_64-linux-gnu/libada.so.2.9.2]
  • I no-symbols-control-file
    • usr/lib/x86_64-linux-gnu/libada.so.2.9.2
  • O package-name-doesnt-match-sonames
    • libada2 (override comment: We move away from recommendations in the Debian Policy, §8.1 and give the package more specific name to avoid confusion with Ada programming language.)
• –
  Package closes ITP bug
  • ada-url:
    • #1091933 (Wishlist, ITP): ITP: ada-url -- WHATWG-compliant and fast URL parser
• –
  Package is not in Debian
• –
  d/copyright is in DEP5 format

  Upstream Contact:	Daniel Lemire <daniel@lemire.me>
  Licenses:	Expat, Apache-2.0 and Expat, BSD-3-Clause

Comments

1. Nicholas,
   
   Preamble...
   
   Thank you for taking the time to prepare this package and your contribution to the Debian project.
   
   This review is offered to help package submitters to Debian mentors inorder to improve their packages prior to possible sponsorship into Debian. There is no obligation on behalf of the submitter to make any alterations based upon information provided in the review.
   
   Review...
   
   1. Build:
   
     * pbuilder [1]: Good
     * sbuild [2]: Good
   
   2. Lintian [3]: Issue
   
   Running lintian...
   N:
   I: libadaurl2: hardening-no-bindnow [usr/lib/x86_64-linux-gnu/libada.so.2.9.2]
   N: 
   N:   This package provides an ELF binary that lacks the "bindnow" linker flag.
   N:   
   N:   This is needed (together with "relro") to make the "Global Offset Table"
   N:   (GOT) fully read-only. The bindnow feature trades startup time for
   N:   improved security. Please consider enabling this feature or consider
   N:   overriding the tag (possibly with a comment about why).
   N:   
   N:   If you use dpkg-buildflags, you may have to add hardening=+bindnow or
   N:   hardening=+all to DEB_BUILD_MAINT_OPTIONS.
   N:   
   N:   The relevant compiler flags are set in LDFLAGS.
   N: 
   N:   Please refer to https://wiki.debian.org/Hardening for details.
   N: 
   N:   Visibility: info
   N:   Show-Always: no
   N:   Check: binaries/hardening
   N: 
   N:
   I: libadaurl2: no-symbols-control-file usr/lib/x86_64-linux-gnu/libada.so.2.9.2
   N: 
   N:   Although the package includes a shared library, the package does not have
   N:   a symbols control file.
   N:   
   N:   dpkg can use symbols files in order to generate more accurate library
   N:   dependencies for applications, based on the symbols from the library that
   N:   are actually used by the application.
   N: 
   N:   Please refer to the dpkg-gensymbols(1) manual page and
   N:   https://wiki.debian.org/UsingSymbolsFiles for details.
   N: 
   N:   Visibility: info
   N:   Show-Always: no
   N:   Check: debian/shlibs
   N: 
   N:
   I: ada-url source: out-of-date-standards-version 4.6.1 (released 2022-05-11) (current is 4.7.0)
   N: 
   N:   The source package refers to a Standards-Version older than the one that
   N:   was current at the time the package was created (according to the
   N:   timestamp of the latest debian/changelog entry). Please consider updating
   N:   the package to current Policy and setting this control field
   N:   appropriately.
   N:   
   N:   If the package is already compliant with the current standards, you don't
   N:   have to re-upload the package just to adjust the Standards-Version control
   N:   field. However, please remember to update this field next time you upload
   N:   the package.
   N:   
   N:   See /usr/share/doc/debian-policy/upgrading-checklist.txt.gz in the
   N:   debian-policy package for a summary of changes in newer versions of
   N:   Policy.
   N: 
   N:   Please refer to
   N:   https://www.debian.org/doc/debian-policy/upgrading-checklist.html for
   N:   details.
   N: 
   N:   Visibility: info
   N:   Show-Always: no
   N:   Check: fields/standards-version
   N: 
   N:
   N: We move away from recommendations in the Debian Policy, §8.1 and give the
   N: package more specific name to avoid confusion with Ada programming
   N: language.
   O: libadaurl2: package-name-doesnt-match-sonames libada2
   N: 
   N:   The package name of a library package should usually reflect the soname of
   N:   the included library. The package name can determined from the library
   N:   file name with the following code snippet:
   N:   
   N:    $ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/^[[:space:]]*SONAME[[:space:]]*//p' | \
   N:        sed -r -e's/([0-9])\.so\./\1-/; s/\.so(\.|$)//; y/_/-/; s/(.*)/\L&/'
   N: 
   N:   Visibility: warning
   N:   Show-Always: no
   N:   Check: libraries/shared/soname
   N: 
   
   I: Lintian run was successful.
   
   3. Licenses [4]: Good
   
   4. Watch file [uscan --force-download]: Good
   
   5. Build Twice [sudo pbuilder build --twice <package>.dsc]: Good
   
   6. Reproducible builds [5]: Good
   
   7. Install [No previous installs]: Not performed at this time
   
   8. Upgrade [Over previous installs if any]: N/A
   
   Summary...
   
   Looking good, but a few lintian issues to be resolved.
   
   Look at using below in 'd/rules'.
   
   export DEB_BUILD_MAINT_OPTIONS=hardening=+all
   
   https://wiki.debian.org/Hardening
   
   Please try the below on your packages...
   
   [1] pbuilder:
   
     * Command: sudo pbuilder build <PACKAGE>.dsc
     * Document: https://wiki.ubuntu.com/PbuilderHowto.
     * Document: https://wiki.debian.org/PbuilderTricks
   
   [2] sbuild:
   
     * Command: sbuild <PACKAGE>.dsc
     * Document: https://wiki.debian.org/sbuild
   
   [3] lintian:
   
     * Command: lintian --display-info --verbose --fail-on error --info --pedantic --show-overrides (*.dsc, *.changes, *.buildinfo). Each can throw up different results, so be thorough.
     * Document: https://wiki.debian.org/Lintian
   
   [4] lrc:
   
     * Command: lrc
     * Document: https://wiki.debian.org/CopyrightReviewTools#licenserecon
   
     Note: Please report false positives as bug reports against 'licenserecon'.
   
   [5] reprotest
   
     * Command: sudo reprotest --vary=-build_path,domain_host.use_sudo=1 --auto-build <PACKAGE>.dsc -- schroot unstable-amd64-sbuild
     * Document: https://wiki.kathenas.org/pmwiki.php/Kathenas/Article00000004
     * Document: https://wiki.debian.org/ReproducibleBuilds/
     * Document: https://wiki.debian.org/ReproducibleBuilds/Howto#Newer_method
     
   Regards
   
   Phil

   Needs work Phil Wyett at Jan. 4, 2025, 5:28 p.m.

© 2008-2022 mentors.debian.net - Hosting and hardware provided by Wavecon - Source code and bugs (Version 7fd2eb1) - Contact