Lintian warning: hardening-no-fortify-functions & version numbering
I'm intending to package a new software for Debian . I just completed
most of the package work and have a lintian-error free package, but I
still have a warning that is driving me crazy.
I have read the output of lintian-info -t about
hardening-no-fortify-functions, and it helps a lot. The software uses
Cmake as build tool, and the "hardening-wrapper" solution solved some
lintian warnings, but not the latest one.
I have looked at the buld logs, and I can see that the CPPFLAGS
"-D_FORTIFY_SOURCE=2" is included in all the compiler calls, but the
warning is still present.
What's the problem with this?
My another question is about the version numbering: the software is
still in development and they make a new minor version each week
(approximately). Sometimes I need to package something that is in their
repository but not still in a numbered version, so, I tried to use the
latest known version and add a ~TIMESTAMPgit... to the minor version
number, but debuild warns me about the version 0.1.0~2012......git-1 is
less than 0.1.0.
The latest thing is that I have seen several packages with ~TIMESTAMP
(screen, by example): they add a alpha-numeric string after the "git"
word... what does it mean? Where can I found some information about
packaging directly from VCS?