Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
On 2015-06-14 18:15:33 +0200, Dominik George wrote:
> Hi,
>
> > Note that the problem still occurs on an available set of packages:
> > just start with a Debian/stable system (jessie) and upgrade
> > libgnutls-deb0-28 to unstable (no dependencies/conflicts will
> > yield an upgrade of wget, which will occasionally segfault).
>
> well, then, obviously, the dependency on libgnutls-deb0-28 (>= 3.3.0) in
> wget is a bit too optimistic. This could have been prevented by the wget
> maintainer selecting a more restrictive set ot libgnutls versions,
> probably just 3.3.0.
Well, there are two things that one wants to avoid:
1. Upgrading libgnutls-deb0-28 to a version using libnettle6 without
upgrading the packages that depend on libgnutls-deb0-28 and use
libnettle4. This is the problem I've mentioned here. And there's
now the following bug reported by Felipe Sateler:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788735
(Bug 788710 shouldn't have been closed, but changed to something
like what bug 788735 says.)
2. Upgrading wget to to a version using libnettle6 without upgrading
libgnutls-deb0-28 to such a version too. For this point, I agree
that the dependency on libgnutls-deb0-28 (>= 3.3.0) in wget is too
optimistic. That's the following bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787942
BTW, if wget had the correct dependency, I would probably never have
seen problem (1).
> In any case, this is nothing any package dependency system could fix
> unless told about the situation, because, as noted above, there even is
> an expressly written rule stating that 3.3.15, being >= 3.3.0, is
> perfectly ok, and that's what apt takes into account, and that's the
> best it can do.
OK, so, that's more a problem with developers who close bugs without
fixing the dependencies.
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Reply to: