Bug#700759: Shared library policy on private libs

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#700759: Shared library policy on private libs
From: Phillip Susi <psusi@ubuntu.com>
Date: Sat, 16 Feb 2013 20:24:09 -0500
Message-id: <[🔎] 51203139.9080903@ubuntu.com>
Reply-to: Phillip Susi <psusi@ubuntu.com>, 700759@bugs.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: tech-ctte

I filed bug #700677 because ntfs-3g has a shared library that ubuntu's
testdisk links to, but it does not follow the SONAME rules.  It seems
that upstream breaks ABI on every release, and the maintainer feels
that the library is not intended for other packages to link to, and
therefore, does not have to comply with section 8.1 of the policy manual.

I believe that a strict and literal interpretation of the language of
section 8 means that whether you intend the library for other packages
to link to or not, if it is placed in a directory on the default
library search path, it is bound by section 8.1.  The statement in
question is:

"This section deals only with public shared libraries: shared
libraries that are placed in directories searched by the dynamic
linker by default or which are intended to be linked against normally
and possibly used by other, independent packages."

The use of the word OR there means that whether or not you intend the
lib to be linked against normally and used by other packages, if it is
in a directory on the library search path, then section 8.1 applies.

If mere intent is enough to discard section 8.1, then the language
should be changed so this is clear.  Also there should be something in
place in the debian build system to make sure that linking to such
private libraries either is flagged as an error, or generates a
dependency on the exact version of the library package that the
linking package was built against, in order to prevent packages from
being installable, but unrunnable due to a newer version of the
private library with a different SONAME being installed.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJRIDE5AAoJEJrBOlT6nu75a1YH/2Hd2ijUaaNGwVdIrkQVJant
PqgZZoiaqSg8szTQUHrahhFvQhxeffgodo7XdEDnGnuetU6drA7QSA07xTcDGDLi
/Mbf5rw/K4yn3oQHBSGMyJD1WhUi/D+JuDYaH9o8R5V/hP8Q2/urtyzXqkNf43Pc
ZWtClEp4NIMmVxoPHoIkgAilOyAUyPc6r6jFUMAEfIuOrHaqmVq1SkVGGGbBQWe9
+HbF5f2VRFO+EktlnaFp0AQMwXnTdG9r1jjzRrqhij6uNRFlgdD70O+XGdAdYWr7
Z41cKR/MBexko6m+45OHEz3tnOxQV1cVRpeuWNvBVte8wSfBSoX0mOKlxO5ZwvY=
=gHdY
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Bug#700759: Shared library policy on private libs
  - From: Guillem Jover <guillem@debian.org>
- Bug#700759: Shared library policy on private libs
  - From: Kurt Roeckx <kurt@roeckx.be>

Prev by Date: Thanks.
Next by Date: Bug#700759: Re: Bug#700677: Incorrect upstream versioning / ABI breakage
Previous by thread: Bug#699808: Bug#699742: syslinux 5.x support
Next by thread: Bug#700759: Shared library policy on private libs
Index(es):
- Date
- Thread