You have probably tried to run lintian (-EIL +pedantic) on your packages only to watch lintian drown your terminal. If you have, you would certainly not be the first.
A concrete example with lintian 2.5.40.2:
$ lintian -EIL +pedantic 389-ds-base_1.3.4.5-2_amd64.deb | wc -l 85
Notably, at least 45 of these appeared in 2.5.40 (the hardening-no-bindnow tag):
$ lintian -EIL +pedantic 389-ds-base_1.3.4.5-2_amd64.deb \ --tags hardening-no-bindnow | wc -l 45
In a single release, we have over doubled the number of tags in the given package. I very much doubt this is the first time such a thing happened. Therefore, we have implemented a “per package” tag filter in 2.5.40.
The filter is applied automatically when stdout is a tty and restricts lintian to emitting no more than 3 concrete instances of a given tag per package. If a fourth tag would have been emitted, the filter replaces it with a “how to see all instances” message and suppresses further instances in that package.
Accordingly, lintian “only” emits 25 lines (instead of 85) for the example package. It looks something like this:
$ lintian -EIL +pedantic 389-ds-base_1.3.4.5-2_amd64.deb I: 389-ds-base: spelling-error-in-binary usr/bin/dbscan-bin conents contents X: 389-ds-base: hardening-no-bindnow usr/bin/dbscan-bin X: 389-ds-base: hardening-no-bindnow usr/bin/dsktune-bin X: 389-ds-base: hardening-no-bindnow usr/bin/infadd-bin X: 389-ds-base: hardening-no-bindnow ... use --no-tag-display-limit to see all (or pipe to a file/program) I: 389-ds-base: spelling-error-in-binary usr/lib/x86_64-linux-gnu/dirsrv/libns-dshttpd.so.0.0.0 occured occurred [...]
With this very simple filter in place, the entire lintian output for that single binary now fits on my screen. I am pretty sure the filter could do with additional smarts, but I believe it is a good start.
Filed under: Debian, Lintian
