[Pkg-ime-devel] Reminder: Freeze of Wheezy is approaching

Aron Xu happyaron.xu at gmail.com
Sat Jan 28 12:10:19 UTC 2012


Dear fellow developers,

As a reminder, Wheezy is expected to be frozen in June, 2012. The
exact deadline is still not decided.

Now it is a good time to ping upstream, to coordinate a release that
is to be uploaded before June for Wheezy, so we can have as many
features/fixes as possible. It is also encouraged to fix existing bugs
and make all kinds of packaging changes before June, so we don't
need to bother with the Release Team later.

Package scim-python needs some love because it is RC buggy. Though the
package is not that widely used today, I still wonder if there are
people running it and would like to have it for Wheezy.

Two misc suggestions on packaging:

1. Prefer im-config over im-switch.
During the past year, im-config has been developed and is now
recommended for all users. im-config is now internationalized and has
many advantages over im-switch. It will be a great achievement if we
could completely drop im-switch from the archive for Wheezy+1.

If your package is already working with im-config, please make sure
there is a "Recommends: im-config | im-switch" in the package control
file. Please try to avoid direct "Depends:" on such packages to allow
more flexibility for users.

Continue reading: Osamu's post at ubuntu-devel-discuss[1].
[1]https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2012-January/013192.html

2. Enable hardening build flags for C/C++ packages. (Wheezy release goal[2])
Input method packages normally run as an unprivileged user, so it's a bit
rare for input methods to be exposed to security problems. But it is
rational to enable hardening build flags for two reasons:

 1) Most users log in to the system using an unprivileged account, but
they usually use "sudo" or likewise to gain root privilege (think
about Ubuntu's default). While the user is inputting their beloved
passwords (system, or other passwords), if the input method isn't disabled
then there is a potential risk of leaking the passwords from our side.

 2) There are users running input methods as root, directly or
indirectly. The direct use of an input method as root is when the user
logs in to the system as root, for desktop sessions or console sessions
(e.g., when using fbterm, it is required that fbterm/im run as root
to enable features like keyboard shortcuts; users usually add the setuid
bit to /usr/bin/fbterm here). The indirect use of an input method as
root, for instance, is when the user runs `gksu gedit` to edit some files.

So much for explaining the reasons; implementation of this feature is
very straightforward - just adding the following two lines at the
beginning of debian/rules is sufficient for most cases:

 DPKG_EXPORT_BUILDFLAGS = 1
 -include /usr/share/dpkg/buildflags.mk

See [3] for more reference.

[2]http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[3]http://wiki.debian.org/Hardening


-- 
Regards,
Aron Xu
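
Added example (not part of the original message, and not code from dpkg or any Debian tool): a Python check for the ELF markers that linker-level hardening options (relro, bindnow, PIE) leave in a built binary, as one way to confirm that flags exported from debian/rules reached the link step. It assumes 64-bit little-endian ELF; check_hardening, make_elf and the two sample images are names and data constructed for this illustration, and compiler-level flags (stack protector, fortify) are not covered.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 little-endian file header
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header
DYN = struct.Struct("<qQ")                 # ELF64 dynamic entry: d_tag, d_val
PT_DYNAMIC, PT_GNU_RELRO, ET_DYN = 2, 0x6474E552, 3
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def check_hardening(data):
    """Report link-time hardening markers in an ELF64 little-endian image."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF image")
    hdr = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    if e_phentsize < PHDR.size or e_phoff + e_phnum * e_phentsize > len(data):
        raise ValueError("malformed program header table")
    # ET_DYN also covers shared libraries, so "pie" is only meaningful for executables.
    result = {"pie": e_type == ET_DYN, "relro": False, "bindnow": False}
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz, _, _ = PHDR.unpack_from(data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            result["relro"] = True
        elif p_type == PT_DYNAMIC:
            end = min(p_offset + p_filesz, len(data))
            for off in range(p_offset, end - DYN.size + 1, DYN.size):
                tag, val = DYN.unpack_from(data, off)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    result["bindnow"] = True
    return result

def make_elf(e_type, relro, dyn_entries):
    """Build a constructed, headers-only ELF64 image (sample input, not a real binary)."""
    dyn = b"".join(DYN.pack(t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    segs = [(PT_DYNAMIC, EHDR.size + 2 * PHDR.size, len(dyn))]
    segs += [(PT_GNU_RELRO, 0, 0)] if relro else []
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(segs), 0, 0, 0)
    phdrs = b"".join(PHDR.pack(t, 4, off, 0, 0, sz, sz, 8) for t, off, sz in segs)
    return ehdr + phdrs.ljust(2 * PHDR.size, b"\0") + dyn

# Constructed samples: one carrying relro + bindnow + PIE markers, one carrying none.
HARDENED = make_elf(ET_DYN, True, [(DT_FLAGS, DF_BIND_NOW)])
PLAIN = make_elf(2, False, [(1, 1)])  # ET_EXEC with a single DT_NEEDED entry

if __name__ == "__main__":
    print(check_hardening(HARDENED), check_hardening(PLAIN))
```

To check a real build product, pass the file's bytes: check_hardening(open(path, "rb").read()).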


