cmd: lintian --no-cfg --display-level '>=classification' --display-experimental --info --show-overrides '/tmp/debusine-fetch-exec-upload-t6klxwyx/spawn-fcgi_1.6.7~snap-20250301-194725-ga82da4-0.2.dsc' '/tmp/debusine-fetch-exec-upload-t6klxwyx/spawn-fcgi-dbgsym_1.6.7~snap-20250301-194725-ga82da4-0.2_amd64.deb' '/tmp/debusine-fetch-exec-upload-t6klxwyx/spawn-fcgi_1.6.7~snap-20250301-194725-ga82da4-0.2_amd64.deb'
output (contains stderr only, stdout was captured):
Files in working directory:
lintian.txt
--------------------
N:
I: spawn-fcgi: bash-term-in-posix-shell '&>' [usr/share/doc/spawn-fcgi/examples/spawn-fcgi_launcher:46]
N:
N: This script is marked as running under /bin/sh, but it seems to use a
N: feature found in bash but not in the SUSv3 or POSIX shell specification.
N:
N: Some examples are:
N:
N: - == in a test, it should use = instead
N: - read without a variable in the argument
N: - function to define a function
N: - source instead of .
N: - . command args, passing arguments to commands via source is not supported
N: - {foo,bar} instead of foo bar
N: - [[ test ]] instead of [ test ] (requires a Korn shell)
N: - type instead of which or command -v
N:
N: Visibility: info
N: Show-Always: no
N: Check: shell/non-posix/bash-centric
N:
N:
I: spawn-fcgi: bash-term-in-posix-shell '&>' [usr/share/doc/spawn-fcgi/examples/spawn-fcgi_launcher:53]
N:
I: spawn-fcgi: hardening-no-bindnow [usr/bin/spawn-fcgi]
N:
N: This package provides an ELF binary that lacks the "bindnow" linker flag.
N:
N: This is needed (together with "relro") to make the "Global Offset Table"
N: (GOT) fully read-only. The bindnow feature trades startup time for
N: improved security. Please consider enabling this feature or consider
N: overriding the tag (possibly with a comment about why).
N:
N: If you use dpkg-buildflags, you may have to add hardening=+bindnow or
N: hardening=+all to DEB_BUILD_MAINT_OPTIONS.
N:
N: The relevant compiler flags are set in LDFLAGS.
N:
N: Please refer to https://wiki.debian.org/Hardening for details.
N:
N: Visibility: info
N: Show-Always: no
N: Check: binaries/hardening
N:
N:
I: spawn-fcgi source: out-of-date-standards-version 4.7.0 (released 2024-04-07) (current is 4.7.2)
N:
N: The source package refers to a Standards-Version older than the one that
N: was current at the time the package was created (according to the
N: timestamp of the latest debian/changelog entry). Please consider updating
N: the package to current Policy and setting this control field
N: appropriately.
N:
N: If the package is already compliant with the current standards, you don't
N: have to re-upload the package just to adjust the Standards-Version control
N: field. However, please remember to update this field next time you upload
N: the package.
N:
N: See /usr/share/doc/debian-policy/upgrading-checklist.txt.gz in the
N: debian-policy package for a summary of changes in newer versions of
N: Policy.
N:
N: Please refer to
N: https://www.debian.org/doc/debian-policy/upgrading-checklist.html for
N: details.
N:
N: Visibility: info
N: Show-Always: no
N: Check: fields/standards-version
N:
N:
P: spawn-fcgi source: hyphen-in-upstream-part-of-debian-changelog-version 1.6.7~snap-20250301-194725-ga82da4 [debian/changelog:1]
N:
N: The upstream version in the debian changelog contains one or more hyphens.
N: While that is okay according to Debian Policy, some tools may croak.
N:
N: Please refer to Version (Section 5.6.12) in the Debian Policy Manual for
N: details.
N:
N: Visibility: pedantic
N: Show-Always: no
N: Check: debian/changelog
N:
N:
P: spawn-fcgi: maintainer-script-without-set-e [preinst]
N:
N: The maintainer script passes -e to the shell on the #! line rather than
N: using set -e in the body of the script. This is fine for normal operation,
N: but if the script is run by hand with sh /path/to/script (common in
N: debugging), -e will not be in effect. It's therefore better to use set -e
N: in the body of the script.
N:
N: Please refer to Scripts (Section 10.4) in the Debian Policy Manual for
N: details.
N:
N: Visibility: pedantic
N: Show-Always: no
N: Check: scripts
N:
N:
X: spawn-fcgi source: debian-watch-does-not-check-openpgp-signature [debian/watch]
N:
N: This watch file does not specify a means to verify the upstream tarball
N: using a cryptographic signature.
N:
N: If upstream distributions provides such signatures, please use the
N: pgpsigurlmangle options in this watch file's opts= to generate the URL of
N: an upstream OpenPGP signature. This signature is automatically downloaded
N: and verified against a keyring stored in debian/upstream/signing-key.asc
N:
N: Of course, not all upstreams provide such signatures but you could request
N: them as a way of verifying that no third party has modified the code after
N: its release (projects such as phpmyadmin, unrealircd, and proftpd have
N: suffered from this kind of attack).
N:
N: Please refer to the uscan(1) manual page for details.
N:
N: Visibility: pedantic
N: Show-Always: no
N: Check: debian/watch
N: Renamed from: debian-watch-does-not-check-gpg-signature
N: debian-watch-may-check-gpg-signature
N: This tag is experimental.
N:
N:
X: spawn-fcgi source: prefer-uscan-symlink filenamemangle s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%@PACKAGE@-$1.tar.gz% [debian/watch:4]
N:
N: Please consider setting USCAN_SYMLINK=rename in your ~/.devscripts
N: configuration file instead of using the option filenamemangle in
N: debian/watch.
N:
N: Please check with your team before making changes to sources you maintain
N: together. There are circumstances when the filenamemangle option is
N: better.
N:
N: Please refer to the uscan(1) manual page for details.
N:
N: Visibility: pedantic
N: Show-Always: no
N: Check: debian/watch
N: This tag is experimental.
N:
N:
X: spawn-fcgi: spelling-error-in-binary childs children [usr/bin/spawn-fcgi]
N:
N: Lintian found a spelling error in the given binary. Lintian has a list of
N: common misspellings that it looks for. It does not have a dictionary like
N: a spelling checker does.
N:
N: If the string containing the spelling error is translated with the help of
N: gettext or a similar tool, please fix the error in the translations as
N: well as the English text to avoid making the translations fuzzy. With
N: gettext, for example, this means you should also fix the spelling mistake
N: in the corresponding msgids in the *.po files.
N:
N: You can often find the word in the source code by running:
N:
N: grep -rw <word> <source-tree>
N:
N: This tag may produce false positives for words that contain non-ASCII
N: characters due to limitations in strings.
N:
N: Visibility: pedantic
N: Show-Always: no
N: Check: binaries/spelling
N: This tag is experimental.
N:
N:
X: spawn-fcgi source: update-debian-copyright 2017 vs 2025 [debian/copyright:9]
N:
N: The most recent copyright year mentioned for files in ./debian lags behind
N: the year in the timestamp for the most recent changelog entry.
N:
N: Visibility: pedantic
N: Show-Always: no
N: Check: debian/copyright/dep5
N: This tag is experimental.
N:
N:
X: spawn-fcgi source: upstream-metadata-file-is-missing
N:
N: This source package is not Debian-native but it does not have a
N: debian/upstream/metadata file.
N:
N: The Upstream MEtadata GAthered with YAml (UMEGAYA) project is an effort to
N: collect meta-information about upstream projects from any source package.
N: This file is in YAML format and it is used in to feed the data in the
N: UltimateDebianDatabase. For example, it can contains the way the authors
N: want their software be cited in publications and some bibliographic
N: references about the software.
N:
N: Please add a debian/upstream/metadata file.
N:
N: Please refer to https://dep-team.pages.debian.net/deps/dep12/ and
N: https://wiki.debian.org/UpstreamMetadata for details.
N:
N: Visibility: pedantic
N: Show-Always: no
N: Check: debian/upstream/metadata
N: This tag is experimental.
N:
N:
C: spawn-fcgi: control-tarball-compression-format xz
N:
N: This is the compressor format used for the control.tar tarball.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: deb-format
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi-dbgsym: control-tarball-compression-format xz
N:
C: spawn-fcgi: ctrl-script [preinst]
N:
N: This package has one or more maintainer scripts (or other executable
N: control files).
N:
N: This flags any control file with the executable bit set.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: control-files
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi: data-tarball-compression-format xz
N:
N: This is the compressor format used for the data.tar tarball.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: deb-format
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi-dbgsym: data-tarball-compression-format xz
N:
C: spawn-fcgi source: debhelper-compat-level 13
N:
N: This is the debhelper compat level used specified by this package.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: debhelper
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi source: debhelper-compat-virtual-relation 13 [debian/control]
N:
N: This package is using the debhelper-compat virtual package as a
N: build-dependency.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: debhelper
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi source: debian-build-system dh [debian/rules]
N:
N: This is the build system that Lintian believes the package is using.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: debhelper
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi source: debian-watch-file-standard 4 [debian/watch]
N:
N: The watch file uses this version standard. The currently known watch file
N: versions are 2, 3 and 4. Version 1 means it was undeclared.
N:
N: Please refer to the uscan(1) manual page for details.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: debian/watch/standard
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi source: mail-contact Maintainer "Jérémy Lal" <kapouer@melix.org>
N:
N: This person is a contact in the named group for this package.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: fields/mail-address
N: Renamed from: maintainer uploader
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi: mail-contact Maintainer "Jérémy Lal" <kapouer@melix.org>
N:
C: spawn-fcgi-dbgsym: mail-contact Maintainer "Jérémy Lal" <kapouer@melix.org>
N:
C: spawn-fcgi: maintainer-script-interpreter /bin/sh [preinst]
N:
N: Interpreter used in maintainer script or ELF
N:
N: Visibility: classification
N: Show-Always: no
N: Check: scripts
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi-dbgsym: no-ctrl-scripts
N:
N: The package does not rely on any maintainer scripts (or other executable
N: control files).
N:
N: Visibility: classification
N: Show-Always: no
N: Check: control-files
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi source: package-is-maintained-by-individual
N:
N: The package is maintained by an individual according to the
N: maintainer/uploaders fields in the debian/control file.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: fields/vcs
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi: package-is-maintained-by-individual
N:
C: spawn-fcgi-dbgsym: package-is-maintained-by-individual
N:
C: spawn-fcgi source: patch-system quilt
N:
N: This package uses the specified patch system (eg. "quilt" or "dpatch").
N:
N: Visibility: classification
N: Show-Always: no
N: Check: debian/patches
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi source: rules-do-not-require-root [debian/control:10]
N:
N: The sources can build the installation packages without using fakeroot(1)
N: or similar.
N:
N: Please refer to usr/share/doc/dpkg/spec/rootless-builds.txt, debian/rules
N: and Rules-Requires-Root (Section 4.9.2) in the Debian Policy Manual, and
N: Rules-Requires-Root (Section 5.6.31) in the Debian Policy Manual for
N: details.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: debian/control/field/rules-requires-root
N: Renamed from: rules-does-not-require-root
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi source: source-format 3.0 (quilt)
N:
N: This is the source format declared in the package.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: debian/source-dir
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi source: standards-version 4.7.0
N:
N: The standards version of the package according to Standards-Version field
N: in the debian/control file.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: fields/standards-version
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi source: trimmed-deb822-field §1 Build-Depends debhelper-compat (= 13), meson [debian/control:5]
N:
N: The raw but trimmed contents of the named field in the given Deb822 file.
N: The number indicates the section from the top, starting at 1.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: fields/deb822
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi source: trimmed-deb822-field §1 Homepage http://redmine.lighttpd.net/projects/spawn-fcgi [debian/control:9]
N:
C: spawn-fcgi source: trimmed-deb822-field §1 Maintainer Jérémy Lal <kapouer@melix.org> [debian/control:2]
N:
C: spawn-fcgi source: trimmed-deb822-field §1 Priority optional [debian/control:4]
N:
C: spawn-fcgi source: trimmed-deb822-field §1 Rules-Requires-Root no [debian/control:10]
N:
C: spawn-fcgi source: trimmed-deb822-field §1 Section web [debian/control:3]
N:
C: spawn-fcgi source: trimmed-deb822-field §1 Source spawn-fcgi [debian/control:1]
N:
C: spawn-fcgi source: trimmed-deb822-field §1 Standards-Version 4.7.0 [debian/control:6]
N:
C: spawn-fcgi source: trimmed-deb822-field §1 Vcs-Browser https://salsa.debian.org/debian/spawn-fcgi [debian/control:7]
N:
C: spawn-fcgi source: trimmed-deb822-field §1 Vcs-Git https://salsa.debian.org/debian/spawn-fcgi.git [debian/control:8]
N:
C: spawn-fcgi source: trimmed-deb822-field §2 Architecture any [debian/control:13]
N:
C: spawn-fcgi source: trimmed-deb822-field §2 Depends ${shlibs:Depends},\n ${misc:Depends} [debian/control:14]
N:
C: spawn-fcgi source: trimmed-deb822-field §2 Description FastCGI process spawner\n Allows FastCGI processes to be separated from web server process :\n * Easy creation of chmoded socket.\n * Privilege separation without needing a suid-binary,\n or running a server as root.\n * You can restart your web server and the FastCGI applications\n without restarting the others.\n * You can run them in different chroot()s.\n * Running your FastCGI applications doesn’t depend on the web server\n you are running, which allows for easier testing of/migration\n to other web servers. [debian/control:16]
N:
C: spawn-fcgi source: trimmed-deb822-field §2 Package spawn-fcgi [debian/control:12]
N:
C: spawn-fcgi source: trimmed-field Architecture any
N:
N: These are the raw but trimmed contents of the named field in the package's
N: primary control file.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: fields/trimmed
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi source: trimmed-field Binary spawn-fcgi
N:
C: spawn-fcgi source: trimmed-field Build-Depends debhelper-compat (= 13), meson
N:
C: spawn-fcgi source: trimmed-field Checksums-Sha1 6f9bbf7b0869ed6d25e5250d289b90ca22b632d1 11868 spawn-fcgi_1.6.7~snap-20250301-194725-ga82da4.orig.tar.xz\n ec4b9d8025af9ec8a130abaf428af1f76a3bfc3b 4356 spawn-fcgi_1.6.7~snap-20250301-194725-ga82da4-0.2.debian.tar.xz
N:
C: spawn-fcgi source: trimmed-field Checksums-Sha256 8c2993a81cf023403c575521fd2fa9b5ebba60bc5ddf71dc330922dcec50d08f 11868 spawn-fcgi_1.6.7~snap-20250301-194725-ga82da4.orig.tar.xz\n 312d1252c554b11c16e851e01bc5e05b53e4f53ff9ffca30810e66559434b04e 4356 spawn-fcgi_1.6.7~snap-20250301-194725-ga82da4-0.2.debian.tar.xz
N:
C: spawn-fcgi source: trimmed-field Files 8a11b403e079625c32b7f840e07dd8c5 11868 spawn-fcgi_1.6.7~snap-20250301-194725-ga82da4.orig.tar.xz\n 2794aad967b259dd0487ea6bf483426d 4356 spawn-fcgi_1.6.7~snap-20250301-194725-ga82da4-0.2.debian.tar.xz
N:
C: spawn-fcgi source: trimmed-field Format 3.0 (quilt)
N:
C: spawn-fcgi source: trimmed-field Homepage http://redmine.lighttpd.net/projects/spawn-fcgi
N:
C: spawn-fcgi source: trimmed-field Maintainer Jérémy Lal <kapouer@melix.org>
N:
C: spawn-fcgi source: trimmed-field Package-List spawn-fcgi deb web optional arch=any
N:
C: spawn-fcgi source: trimmed-field Source spawn-fcgi
N:
C: spawn-fcgi source: trimmed-field Standards-Version 4.7.0
N:
C: spawn-fcgi source: trimmed-field Vcs-Browser https://salsa.debian.org/debian/spawn-fcgi
N:
C: spawn-fcgi source: trimmed-field Vcs-Git https://salsa.debian.org/debian/spawn-fcgi.git
N:
C: spawn-fcgi source: trimmed-field Version 1.6.7~snap-20250301-194725-ga82da4-0.2
N:
C: spawn-fcgi: trimmed-field Architecture amd64
N:
C: spawn-fcgi: trimmed-field Depends libc6 (>= 2.38)
N:
C: spawn-fcgi: trimmed-field Description FastCGI process spawner\n Allows FastCGI processes to be separated from web server process :\n * Easy creation of chmoded socket.\n * Privilege separation without needing a suid-binary,\n or running a server as root.\n * You can restart your web server and the FastCGI applications\n without restarting the others.\n * You can run them in different chroot()s.\n * Running your FastCGI applications doesn’t depend on the web server\n you are running, which allows for easier testing of/migration\n to other web servers.
N:
C: spawn-fcgi: trimmed-field Homepage http://redmine.lighttpd.net/projects/spawn-fcgi
N:
C: spawn-fcgi: trimmed-field Installed-Size 55
N:
C: spawn-fcgi: trimmed-field Maintainer Jérémy Lal <kapouer@melix.org>
N:
C: spawn-fcgi: trimmed-field Package spawn-fcgi
N:
C: spawn-fcgi: trimmed-field Priority optional
N:
C: spawn-fcgi: trimmed-field Section web
N:
C: spawn-fcgi: trimmed-field Version 1.6.7~snap-20250301-194725-ga82da4-0.2
N:
C: spawn-fcgi-dbgsym: trimmed-field Architecture amd64
N:
C: spawn-fcgi-dbgsym: trimmed-field Auto-Built-Package debug-symbols
N:
C: spawn-fcgi-dbgsym: trimmed-field Build-Ids c82b6edf616e72fead061df6a1fc1ccabb3a4f00
N:
C: spawn-fcgi-dbgsym: trimmed-field Depends spawn-fcgi (= 1.6.7~snap-20250301-194725-ga82da4-0.2)
N:
C: spawn-fcgi-dbgsym: trimmed-field Description debug symbols for spawn-fcgi
N:
C: spawn-fcgi-dbgsym: trimmed-field Installed-Size 39
N:
C: spawn-fcgi-dbgsym: trimmed-field Maintainer Jérémy Lal <kapouer@melix.org>
N:
C: spawn-fcgi-dbgsym: trimmed-field Package spawn-fcgi-dbgsym
N:
C: spawn-fcgi-dbgsym: trimmed-field Priority optional
N:
C: spawn-fcgi-dbgsym: trimmed-field Section debug
N:
C: spawn-fcgi-dbgsym: trimmed-field Source spawn-fcgi
N:
C: spawn-fcgi-dbgsym: trimmed-field Version 1.6.7~snap-20250301-194725-ga82da4-0.2
N:
C: spawn-fcgi source: vcs git
N:
N: The package uses the specified VCS (eg. "git") according to the
N: debian/control file.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: fields/vcs
N: This tag is a classification. There is no issue in your package.
N:
N:
C: spawn-fcgi source: vcs-uri Git https://salsa.debian.org/debian/spawn-fcgi.git
N:
N: The package uses the specified VCS URI according to the debian/control
N: file.
N:
N: Visibility: classification
N: Show-Always: no
N: Check: fields/vcs
N: This tag is a classification. There is no issue in your package.
N:
--------------------