analysis.json
1{"tags": [{"severity": "error", "package": "libpythonize0-trinity", "tag": "binary-or-shlib-defines-rpath", "explanation": "The binary or shared library sets RPATH or RUNPATH. This overrides the\nnormal library search path, possibly interfering with local policy and\ncausing problems for multilib, among other issues.\n\nThe only time a binary or shared library in a Debian package should set\nRPATH or RUNPATH is if it is linked to private shared libraries in the\nsame package. In that case, place those private shared libraries in\n/usr/lib/<package>. Libraries used by binaries in other packages should\nbe placed in /lib or /usr/lib as appropriate, with a proper SONAME, in\nwhich case RPATH/RUNPATH is unnecessary.\n\nTo fix this problem, look for link lines like:\ngcc test.o -o test -Wl,--rpath,/usr/local/lib\nor\ngcc test.o -o test -R/usr/local/lib\nand remove the -Wl,--rpath or -R argument. You can also use the chrpath\nutility to remove the RPATH.\n\nRefer to https://wiki.debian.org/RpathIssue for details.\n\nSeverity: error\n\nCheck: binaries", "comment": "", "note": "opt/trinity/lib/libpythonize.so.0.0.0 /usr/lib/python3.8", "pointer": ""}, {"severity": "error", "package": "libpythonize0-trinity", "tag": "dir-or-file-in-opt", "explanation": "Debian packages should not install into /opt, because it is reserved for\nadd-on software.\n\nRefer to Filesystem Hierarchy Standard (/opt : Add-on application\nsoftware packages) for details.\n\nSeverity: error\n\nCheck: files/hierarchy-standard", "comment": "", "note": "opt/trinity/", "pointer": ""}, {"severity": "error", "package": "libpythonize0-trinity", "tag": "dir-or-file-in-opt", "explanation": "", "comment": "", "note": "opt/trinity/lib/", "pointer": ""}, {"severity": "error", "package": "libpythonize0-trinity", "tag": "dir-or-file-in-opt", "explanation": "", "comment": "", "note": "opt/trinity/lib/libpythonize.so.0", "pointer": ""}, {"severity": "error", "package": "libpythonize0-trinity", "tag": 
"dir-or-file-in-opt", "explanation": "", "comment": "", "note": "opt/trinity/lib/libpythonize.so.0.0.0", "pointer": ""}, {"severity": "warning", "package": "libpythonize0-trinity", "tag": "description-contains-homepage", "explanation": "The extended description contains a \"Homepage\" pseudo-field following\nthe old Developer's Reference recommendation. As of 1.14.6, dpkg now\nsupports Homepage as a regular field in debian/control. This\npseudo-field should be moved from the extended description to the fields\nfor the relevant source or binary packages.\n\nSeverity: warning\n\nCheck: fields/description", "comment": "", "note": "", "pointer": ""}, {"severity": "warning", "package": "libpythonize0-trinity", "tag": "package-has-unnecessary-activation-of-ldconfig-trigger", "explanation": "The package activates the ldconfig trigger even though no shared\nlibraries are installed in a directory controlled by the dynamic library\nloader.\n\nNote this may be triggered by a bug in debhelper, that causes it to\nauto-generate an ldconfig trigger for packages that do not need it.\n\nRefer to Debian Policy Manual section 8.1.1 (ldconfig) and\nhttps://bugs.debian.org/204975 for details.\n\nSeverity: warning\n\nCheck: shared-libs", "comment": "", "note": "", "pointer": ""}, {"severity": "warning", "package": "libpythonize0-trinity", "tag": "package-relation-with-self", "explanation": "The package declares a relationship with itself. 
This is not very useful\nexcept in the case of a package Conflicting with itself if its package\nname doubles as a virtual package.\n\nSeverity: warning\n\nCheck: fields/package-relations", "comment": "", "note": "breaks: libpythonize0-trinity (<< 4:14.0.0~)", "pointer": ""}, {"severity": "info", "package": "libpythonize0-trinity", "tag": "hardening-no-bindnow", "explanation": "This package provides an ELF binary that lacks the \"bindnow\" linker\nflag.\n\nThis is needed (together with \"relro\") to make the \"Global Offset Table\"\n(GOT) fully read-only. The bindnow feature trades startup time for\nimproved security. Please consider enabling this feature or consider\noverriding the tag (possibly with a comment about why).\n\nIf you use dpkg-buildflags, you may have to add hardening=+bindnow or\nhardening=+all to DEB_BUILD_MAINT_OPTIONS.\n\nThe relevant compiler flags are set in LDFLAGS.\n\nRefer to https://wiki.debian.org/Hardening for details.\n\nSeverity: info\n\nCheck: binaries", "comment": "", "note": "opt/trinity/lib/libpythonize.so.0.0.0", "pointer": ""}, {"severity": "pedantic", "package": "libpythonize0-trinity", "tag": "copyright-refers-to-symlink-license", "explanation": "The copyright file refers to the versionless symlink in\n/usr/share/common-licenses for the full text of the GPL, LGPL, or GFDL\nlicense. This symlink is updated to point to the latest version of the\nlicense when a new one is released. The package appears to allow\nrelicensing under later versions of its license, so this is legally\nconsistent, but it implies that Debian will relicense the package under\nlater versions of those licenses as they're released. 
It is normally\nbetter to point to the version of the license the package references in\nits license statement.\n\nFor example, if the package says something like \"you may redistribute it\nand/or modify it under the terms of the GNU General Public License as\npublished by the Free Software Foundation; either version 2, or (at your\noption) any later version\", the debian/copyright file should refer to\n/usr/share/common-licenses/GPL-2, not /GPL.\n\nFor packages released under the same terms as Perl, Perl references the\nGPL version 1, so point to /usr/share/common-licenses/GPL-1.\n\nSeverity: pedantic\n\nCheck: debian/copyright", "comment": "", "note": "usr/share/common-licenses/GPL", "pointer": ""}, {"severity": "experimental", "package": "libpythonize0-trinity", "tag": "binary-file-built-without-LFS-support", "explanation": "The listed ELF binary appears to be (partially) built without \"Large\nFile Support\" (LFS). If so, it may not be able to handle large files or\nfiles with large metadata values (ex: inode numbers) correctly.\n\nTo support large files, code review might be needed to make sure that\nthose files are not slurped into memory or mmap(2)ed, and that correct\n64-bit data types are used (ex: off_t instead of ssize_t), etc. Once\nthat has been done ensure _FILE_OFFSET_BITS is defined and set to 64\nbefore any system headers are included (note that on systems where the\nABI has LFS enabled by default, setting _FILE_OFFSET_BITS to 64 will be\na no-op, and as such optional). This can be done by using the\nAC_SYS_LARGEFILE macro with autoconf which will set any macro required\nto enable LFS when necessary, or by enabling the lfs feature from the\nfuture dpkg-buildflags feature area which sets the CPPFLAGS variable\n(since dpkg-dev 1.19.0). Note though, that getconf LFS_CFLAGS must not\nbe used, as it does not support cross-building. Using _FILE_OFFSET_BITS\nshould require no system function renames (eg. 
from open(2) to\nopen64(2)), and if this tag is still emitted, the most probable cause is\nbecause the macro is not seen by the system code being compiled.\n\nTake into account that even if this tag is not emitted, that does not\nmean the binary is LFS-safe (ie. no OOM conditions, file truncation or\noverwrite will happen).\n\nAlso note that enabling LFS on a shared library is not always safe as it\nmight break ABI in case some of the exported types change size, in those\ncases a SOVERSION bump might be required. Or alternatively, on systems\nwith an ABI without LFS, defining _LARGEFILE64_SOURCE and exporting both\n32 and 64-bit variants of the interfaces can avoid the SOVERSION bump,\nat the cost of more complex maintenance.\n\nRefer to http://www.unix.org/version2/whatsnew/lfs20mar.html and\nhttps://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html\nfor details.\n\nSeverity: info\n\nCheck: binaries\n\nThis tag is experimental. Please file a bug report if the tag seems\nwrong.", "comment": "", "note": "opt/trinity/lib/libpythonize.so.0.0.0", "pointer": ""}, {"severity": "classification", "package": "libpythonize0-trinity", "tag": "control-tarball-compression-format", "explanation": "This is the compressor format used for the control.tar tarball.\n\nSeverity: classification\n\nCheck: deb-format\n\nThis tag is a classification. There is no issue in your package.", "comment": "", "note": "xz", "pointer": ""}, {"severity": "classification", "package": "libpythonize0-trinity", "tag": "data-tarball-compression-format", "explanation": "This is the compressor format used for the data.tar tarball.\n\nSeverity: classification\n\nCheck: deb-format\n\nThis tag is a classification. 
There is no issue in your package.", "comment": "", "note": "xz", "pointer": ""}, {"severity": "classification", "package": "libpythonize0-trinity", "tag": "no-ctrl-scripts", "explanation": "The package does not rely on any maintainer scripts (or other executable\ncontrol files).\n\nSeverity: classification\n\nCheck: control-files\n\nThis tag is a classification. There is no issue in your package.", "comment": "", "note": "", "pointer": ""}, {"severity": "classification", "package": "libpythonize0-trinity", "tag": "package-is-maintained-by-individual", "explanation": "The package is maintained by an individual according to the\nmaintainer/uploaders fields in the debian/control file.\n\nSeverity: classification\n\nCheck: fields/vcs\n\nThis tag is a classification. There is no issue in your package.", "comment": "", "note": "", "pointer": ""}, {"severity": "error", "package": "libpythonize0-trinity-dev", "tag": "dir-or-file-in-opt", "explanation": "", "comment": "", "note": "opt/trinity/", "pointer": ""}, {"severity": "error", "package": "libpythonize0-trinity-dev", "tag": "dir-or-file-in-opt", "explanation": "", "comment": "", "note": "opt/trinity/include/", "pointer": ""}, {"severity": "error", "package": "libpythonize0-trinity-dev", "tag": "dir-or-file-in-opt", "explanation": "", "comment": "", "note": "opt/trinity/include/pythonize.h", "pointer": ""}, {"severity": "error", "package": "libpythonize0-trinity-dev", "tag": "dir-or-file-in-opt", "explanation": "", "comment": "", "note": "opt/trinity/lib/", "pointer": ""}, {"severity": "error", "package": "libpythonize0-trinity-dev", "tag": "dir-or-file-in-opt", "explanation": "", "comment": "", "note": "opt/trinity/lib/libpythonize.a", "pointer": ""}, {"severity": "error", "package": "libpythonize0-trinity-dev", "tag": "dir-or-file-in-opt", "explanation": "", "comment": "", "note": "opt/trinity/lib/libpythonize.la", "pointer": ""}, {"severity": "error", "package": "libpythonize0-trinity-dev", "tag": 
"dir-or-file-in-opt", "explanation": "", "comment": "", "note": "opt/trinity/lib/libpythonize.so", "pointer": ""}, {"severity": "error", "package": "libpythonize0-trinity-dev", "tag": "non-empty-dependency_libs-in-la-file", "explanation": "The dependency_libs field in the .la file has not been cleared. It has\nlong been a release goal to get rid of unneeded .la files and clearing\nthe dependency_libs field from the rest of them.\n\nA non-empty dependency_libs field will also stall the Multi-Arch\nconversion.\n\nThe .la file in itself may be useful if the library is loaded\ndynamically via libltdl.\n\nRefer to https://wiki.debian.org/ReleaseGoals/LAFileRemoval,\nhttps://lists.debian.org/debian-devel/2011/05/msg01003.html, and\nhttps://lists.debian.org/debian-devel/2011/05/msg01146.html for details.\n\nSeverity: error\n\nCheck: shared-libs", "comment": "", "note": "opt/trinity/lib/libpythonize.la", "pointer": ""}, {"severity": "warning", "package": "libpythonize0-trinity-dev", "tag": "description-contains-homepage", "explanation": "", "comment": "", "note": "", "pointer": ""}, {"severity": "warning", "package": "libpythonize0-trinity-dev", "tag": "package-relation-with-self", "explanation": "", "comment": "", "note": "breaks: libpythonize0-trinity-dev (<< 4:14.0.0~)", "pointer": ""}, {"severity": "pedantic", "package": "libpythonize0-trinity-dev", "tag": "copyright-refers-to-symlink-license", "explanation": "", "comment": "", "note": "usr/share/common-licenses/GPL", "pointer": ""}, {"severity": "classification", "package": "libpythonize0-trinity-dev", "tag": "control-tarball-compression-format", "explanation": "", "comment": "", "note": "xz", "pointer": ""}, {"severity": "classification", "package": "libpythonize0-trinity-dev", "tag": "data-tarball-compression-format", "explanation": "", "comment": "", "note": "xz", "pointer": ""}, {"severity": "classification", "package": "libpythonize0-trinity-dev", "tag": "no-ctrl-scripts", "explanation": "", "comment": "", 
"note": "", "pointer": ""}, {"severity": "classification", "package": "libpythonize0-trinity-dev", "tag": "package-is-maintained-by-individual", "explanation": "", "comment": "", "note": "", "pointer": ""}], "summary": {"tags_count_by_severity": {"error": 13, "warning": 5, "info": 1, "pedantic": 2, "experimental": 1, "overridden": 0, "classification": 8}, "package_filename": {"libpythonize0-trinity": "libpythonize0-trinity_14.2.0~pre42-0ubuntu20.04.0+6_armhf.deb", "libpythonize0-trinity-dev": "libpythonize0-trinity-dev_14.2.0~pre42-0ubuntu20.04.0+6_armhf.deb"}, "tags_found": ["binary-file-built-without-LFS-support", "binary-or-shlib-defines-rpath", "control-tarball-compression-format", "copyright-refers-to-symlink-license", "data-tarball-compression-format", "description-contains-homepage", "dir-or-file-in-opt", "hardening-no-bindnow", "no-ctrl-scripts", "non-empty-dependency_libs-in-la-file", "package-has-unnecessary-activation-of-ldconfig-trigger", "package-is-maintained-by-individual", "package-relation-with-self"], "overridden_tags_found": [], "lintian_version": "2.62.0", "distribution": "debian:focal"}, "version": 1}