Bug#728937: apache2: broken in system upgrade due to mailgraph Recommends leading to tntnet installation

severity 728937 wishlist
tags 728937 pending

On 07.11.2013 03:08, Vincent Lefevre wrote:
> Severity: grave
> Justification: renders package unusable

Your issue in no way renders the package unusable, or "causes data loss, or
introduces a security hole allowing access to the accounts of users who
use the package". In fact, it's not even a bug since you installed a
leaf package directly which is not meant to be used standalone.

> I had the following problem when upgrading Ubuntu from 13.04 to 13.10,
> and since Debian has more or less the same packages (stable & sid), I
> think it can be affected too.

Yet this is Debian, and not Ubuntu. I do not doubt your issue is in
Debian, too, but still it would be helpful if you verified your problem
in Debian when reporting to a Debian bug tracker.

>   Installing tntnet as Recommends of mailgraph
>     Installing libcxxtools9 as Depends of tntnet
>     Installing libtntnet11 as Depends of tntnet
>       Installing tntnet-runtime as Recommends of libtntnet11
> The mailgraph Recommends has in particular: httpd | apache2. 

which is perfectly acceptable, since that's precisely what the
Recommends line says. If you believe this is a problem and apache
should be pulled instead, report a bug against mailgraph.

> As
> the apache2 package wasn't installed on my machine (it is just
> a metapackage with Apache 2.2, such as in Ubuntu 13.04 and the
> current Debian stable, so that one can already have an Apache
> server without this package), this can lead to the installation
> of another web server such as tntnet via httpd.

You can. But it's not supported. That use case is meant for people
embedding Apache as an embedded server into their binaries, such as
gnome-user-share. Everyone else is supposed to install apache2.

> Note: on this machine, I had apache2-mpm-itk installed, which had
> "Provides: ..., httpd, ..." in the 2.2 version, but this line is
> no longer present in the 2.4 version (the new apache2-bin package
> has one and is eventually installed due to dependencies, but it
> seems that apt can't figure this out early enough).

Which means, this problem is one existing in apt/aptitude.

> I don't know the best solution. Add a "Provides:" line to the
> transitional packages (such as apache2-mpm-itk), which corresponds
> to what apache2-bin now provides?

At least that seems not to cause problems, so I may add it for the next
upload unless I find another unwanted side-effect.

with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D


