Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)

To: debian-devel@lists.debian.org
Subject: Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
From: Vincent Lefevre <vincent@vinc17.net>
Date: Sun, 14 Jun 2015 22:38:28 +0200
Message-id: <[🔎] 20150614203828.GB20417@xvii.vinc17.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 557DA8A5.9090306@naturalnet.de>
References: <[🔎] 20150614140332.GA746@xvii.vinc17.org> <[🔎] 557DA8A5.9090306@naturalnet.de>

On 2015-06-14 18:15:33 +0200, Dominik George wrote:
> Hi,
> 
> > Note that the problem still occurs on an available set of packages:
> > just start with a Debian/stable system (jessie) and upgrade
> > libgnutls-deb0-28 to unstable (no dependencies/conflicts will
> > yield an upgrade of wget, which will occasionally segfault).
> 
> well, then, obviously, the dependency on libgnutls-deb0-28 (>= 3.3.0) in
> wget is a bit too optimistic. This could have been prevented by the wget
> maintainer selecting a more restrictive set ot libgnutls versions,
> probably just 3.3.0.

Well, there are two things that one wants to avoid:

1. Upgrading libgnutls-deb0-28 to a version using libnettle6 without
   upgrading the packages that depend on libgnutls-deb0-28 and use
   libnettle4. This is the problem I've mentioned here. And there's
   now the following bug reported by Felipe Sateler:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788735

   (Bug 788710 shouldn't have been closed, but changed to something
   like what bug 788735 says.)

2. Upgrading wget to to a version using libnettle6 without upgrading
   libgnutls-deb0-28 to such a version too. For this point, I agree
   that the dependency on libgnutls-deb0-28 (>= 3.3.0) in wget is too
   optimistic. That's the following bug:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787942

BTW, if wget had the correct dependency, I would probably never have
seen problem (1).

> In any case, this is nothing any package dependency system could fix
> unless told about the situation, because, as noted above, there even is
> an expressly written rule stating that 3.3.15, being >= 3.3.0, is
> perfectly ok, and that's what apt takes into account, and that's the
> best it can do.

OK, so, that's more a problem with developers who close bugs without
fixing the dependencies.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
  - From: Andreas Metzler <ametzler@bebt.de>
- Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
  - From: Magnus Holmgren <holmgren@debian.org>

References:
- Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
  - From: Dominik George <nik@naturalnet.de>

Prev by Date: Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
Next by Date: Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
Previous by thread: Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
Next by thread: Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
Index(es):
- Date
- Thread