Re: Some coriousities about debian package maintaining
On Tue, Aug 04 2009, Sebastian Müller wrote:
> Hi,
>
> I didn’t practice my english for a while, I am sorry for
> misunderstandings. If there are some points of misunderstanding,
> please ask me, that I am able to solve them. I am also a little
> unsure, if this is the correct place to ask, since I am new to debian.
>
> Today I installed a package via Apt (called ‚tor‘) on a server of
> mine. It installed a few packages on my hdd, to name some of them:
> tor, privoxy, socat, tsocks. Privoxy started directly beeing a
> service running at boot, same goes for tor itself.
>
> Since I only wanted to use the package ‚tor‘, which was promoted on
> https://www.torproject.org/, i removed privoxy, socat and tsocks.
--8<---------------cut here---------------start------------->8---
Package: tor
Depends: libc6 (>= 2.7-1), libevent1 (>= 1.3e),
libssl0.9.8 (>= 0.9.8f-5), zlib1g (>= 1:1.1.4), adduser, tsocks
Recommends: privoxy | polipo (>= 1), socat, logrotate, tor-geoipdb
Suggests: mixmaster, mixminion, anon-proxy
--8<---------------cut here---------------end--------------->8---
Since tsocks is listed as a dependency, not as a recommends,
removing that will break the package; and the package management system
is warning you about it.
> After I did that, I am no longer able to use apt, it is telling me all
> the time „unmet depencies“, from my log:
Which is indeed true, since you removed tsocks.
>
> As result, I opened a bugreport. Since I weren’t able to install
This is not a bug. If you override the package system, and thus
break it, you are now responsible for fixing it.
> ‚reportbug‘ (due to the failure about the depencies), I also took a
> look at Tor IRC. A user in #Tor told me to write a bug report, since
> the packages should be ‚suggested‘ instead of ‚required‘.
Two of the packages you removed are indeed not dependencies,
namely, privoxy and socats.
> So, I wrote a bugreport by Mail.
> (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539881 )
>
> As you can read the response has been nearly the same like: ‚You are
> talking shit, they are not depencies‘ Closed.
That is not what was said. If you exaggerate, it is hard to
grant you any credibility.
What was said was:
::] Neither privoxy nor socat are dependencies.
::] tsocks is required for torify.
Which is essentially true.
> Nevertheless, when I install Tor (apt-get install tor), the depencies
> are installed and Apt is morrowing when I deinstall them. I talked to
> the maintainer in chat, but there is no way to get a normal answer.
> His answers were:
>
> CRAZyBUg• oh yeah this bug sucks, after removing unneeded depencies,
> apt stopped working saying 'privoxy, tsocks, socat needed by tor but
> not installed'
I doubt that is the case. Only tsocks would have been reported.
> weasel• it'll be closed immediatelhy. so don't bother filing it
> weasel• because tsocks is 500 kilobytes. unpacked.
> weasel• the .deb is half that and the ftp masters would bite off
> weasel* my head for creating a package for a single file
> weasel• the meta data overhead and the maintenance and cpu overhead
> weasel* that goes with that would never justify itself
> weasel• moving out torify is one thing, but moving out tor-resolve and
> weasel* tor-gencert adds another 11 or so packages
> weasel• and I don't see the gain at all
> weasel• also, there's little point
> CRAZyBUg• Sebastian_: i don't care how big or small the app is.
> CRAZyBUg• It is unneeded and it's like installing some FTP server
> CRAZyBUg• while using apt-get install firefox
> weasel• bullshit. tsocks isn't a daemon.
> CRAZyBUg• tsocks is unneeded for running tor, am i right, weasel?
> weasel• it's needed for torify which is part of tor.
> weasel• anyway, you are unlikely to change my opinion here.
> weasel• and you didn't even do us the courtesy of reading backlog and
> weasel• instead just chose to steal my time again weasel• so have a nice
> weasel• day. bye.
How to manage their package is up to the maintainer, and usually
a great deal of latitude is granted to them. This seems like a
reasonable explanation from the maintainer.
> The thing about ‚torify is part of tor‘ is right, but it is used only
> if privoxy or something like is installed too on localhost. When you
Umm, why is this? Why can't I have a socks using application
without needing a proxy?
> don’t need privoxy/socat (due to use on a server), you don’t need
> torify. Due to that, the tsocks depency is unneeded (like privoxy and
> socat). But all of them are getting installed by hitting: apt-get
torify is a simple wrapper that calls tsocks with a tor specific
configuration file. I don't see tsocks being optional here, though
privoxy does seem unrelated.
> install tor Privoxy is a daemon running in background. WTF?
You can tell aptitude not to install recommends by default.
> I am not able to talk to weasel, since he doesn’t want to talk to me
> anymore, as you can read in the chatlines. I were using freeBSD the
> last years, started using debian a few month ago. My requirement for
> security starts by installing as few software (and DAEMONS!!) as
> possible. It would be nice, if you could answer me if I am wrong
> using debian with that requirement. Nevertheless, weasel wasn’t able
> to answer me how to get apt-get working without using tsocks. Maybe
> you are able to. I don’t know how else to contact, so I hope you can
> help me out.
This determination needs to be made by you.
I do not see this as something that the TC needs take action on.
manoj
--
Double!
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: