[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Broken library symlink detected in libsamba-util-dev

On Sat, Jul 6, 2013 at 2:03 AM, Steve Langasek <vorlon@debian.org> wrote:
> Control: severity 715110 normal
> Control: severity 715122 normal
> On Sat, Jul 06, 2013 at 05:01:15AM +0000, David Steele wrote:
>> Package: libsamba-util-dev
>> Version: 4.0.0~beta2+dfsg1-3.2
>> Severity: serious
>> User: debian-qa@lists.debian.org
>> Usertags: piuparts, broken-symlink, broken-symlink-shared-library
>> During a test with piuparts, I noticed your package is
>> responsible for the presence of broken symlinks involving
>> a shared library. Such failures may indicate a significant
>> problem with the package.
> "serious" when there's a grand total of 0 packages that use this -dev
> package for linking against the library?  Not hardly.
> I think this severity: serious mass-bug filing is extremely poorly
> conceived.  The fact that these bugs have evaded notice until a lintian
> check was added means that they do *not* have a high impact on the quality
> of the release.  If they did, they would have turned up already by way of
> archive rebuild testing.

I'm sorry you feel this way. I used the Policy-based severity
definitions to come up with 'serious', as I described earlier in the

The bugs did not evade notice. Piuparts has been tracking this issue
for some time, as a non-failing 'issue'. Affected packages were not
failed only because the very high reverse dependency count of many of
them would have made 90+% of the distribution untestable. The rdep
count has been driven low enough recently that elevating this test has
become viable. The bug filings are a first step in that process.

I wasn't aware of the history of the lintian check.

>> This is being filed as Serious because it represents a violation
>> of Policy. Section 8 states "Packages containing shared
>> libraries must be constructed with a little care to make sure
>> that the shared library is always available".
> The packages you've filed bugs against do *not* contain shared libraries.

That's pretty much the point (and a question of semantics).

Take one of the reports for libsamba-util-dev:

    -> libtevent-util.so.0.0.1

# grep libtevent-util samba4-4.0.0~beta2+dfsg1/debian/*

... and libsamba-util-dev does not depend on libsamba-util0.

dpkg --contents shows that libsamba-util-dev installs two .so symlinks
that do not resolve to a valid targets.

So, I claim that libsamba-util-dev is purporting to provide two shared
libraries without following through on the contract. That is what I am
calling a serious bug, as defined by Policy.

It looks like the simple fix here is to add a Depends on libsamba-util0.

> You also did not achieve a consensus on debian-devel in favor of this mass
> bug filing before reporting these bugs.  At least one person objected to you
> filing these at severity: serious; another objected to this being considered
> an error at all.
>   https://lists.debian.org/debian-devel/2013/07/msg00115.html
> While in the case of these two bug reports it's definitely a bug in the
> packages and should be fixed, it's nowhere near severity: serious.  I
> suspect most of the other bugs are similar.
> Please downgrade the bugs from your MBF to a more appropriate severity.

Again, I am sorry for the confusion. I felt I had achieved consensus,
as evidenced by a quieting of the thread, and no attempts at rebutting
the Policy justification.

I guess the next step is a clearer statement of consensus on what to do next.

My position - I believe that the bug submittal, and the current
severity, is appropriate.

I will make changes should consensus dictate. (I may need some help
determining what constitutes consensus).

Reply to: