Bug#926060: lintian: portable-executable-missing-security-features false positives

To: 926060@bugs.debian.org
Subject: Bug#926060: lintian: portable-executable-missing-security-features false positives
From: Scott Kitterman <debian@kitterman.com>
Date: Mon, 01 Apr 2019 11:36:23 +0000
Message-id: <[🔎] FB6611D8-6292-4B78-B0D9-9C2DFE6F4B06@kitterman.com>
Reply-to: Scott Kitterman <debian@kitterman.com>, 926060@bugs.debian.org
In-reply-to: <[🔎] 98bdd21a-183c-4abe-8372-efaf4542641b@www.fastmail.com>
References: <20190331051840.22127.71420.reportbug@kitterma-E6430> <[🔎] ffdef0ef-ae26-4138-afc0-9dfe47f22e6a@www.fastmail.com> <20190331051840.22127.71420.reportbug@kitterma-E6430> <[🔎] 3174518.cf22pGiqGt@kitterma-e6430> <[🔎] 98bdd21a-183c-4abe-8372-efaf4542641b@www.fastmail.com> <20190331051840.22127.71420.reportbug@kitterma-E6430>


On April 1, 2019 10:30:58 AM UTC, Chris Lamb <lamby@debian.org> wrote:
>Hi Scott,
>
>> > > I'm reasonably confident that clamav testfiles don't need
>hardening
>> > > features, so [1] seems pretty pointless.
>> > 
>> > I don't disagree at all here but I'm wondering how Lintian would be
>> > able to detect that these are test files? Perhaps I'm missing
>> > something. :)
>> 
>> I don't know.  I didn't look into how the test was implemented.
>
>I guess my question was less about how the Lintian test is implemented
>but rather how Lintian might potentially be able to determine
>these .exe files are for internal testing purposes of your package.
>
>> [if] we should override the test for this package as a result,
>> that's fine.
>
>… I strongly suspect this is the case, yeah. If you agree, please
>go ahead and -done this issue. Thanks either way, naturally. :)

These are all EICAR test files [1].  Generically these are all test files (I haven't checked, other packages may ship these to).  It would be at least slightly generic and not unreasonable to exclude any files with the EICAR test string from the test.

Scott K


[1] https://en.m.wikipedia.org/wiki/EICAR_test_file

Reply to:

Follow-Ups:
- Bug#926060: lintian: portable-executable-missing-security-features false positives
  - From: "Chris Lamb" <lamby@debian.org>

References:
- Bug#926060: lintian: portable-executable-missing-security-features false positives
  - From: "Chris Lamb" <lamby@debian.org>
- Bug#926060: lintian: portable-executable-missing-security-features false positives
  - From: Scott Kitterman <debian@kitterman.com>
- Bug#926060: lintian: portable-executable-missing-security-features false positives
  - From: "Chris Lamb" <lamby@debian.org>

Prev by Date: Jenkins build is back to normal : lintian-tests_sid #3581
Next by Date: Bug#926166: lintian should not tag debian-watch-file-should-mangle-version when dversionmangle is set to "auto"
Previous by thread: Bug#926060: lintian: portable-executable-missing-security-features false positives
Next by thread: Bug#926060: lintian: portable-executable-missing-security-features false positives
Index(es):
- Date
- Thread