Re: Broken library symlink detected in libsamba-util-dev
On Sat, Jul 6, 2013 at 2:03 AM, Steve Langasek <email@example.com> wrote:
> Control: severity 715110 normal
> Control: severity 715122 normal
> On Sat, Jul 06, 2013 at 05:01:15AM +0000, David Steele wrote:
>> Package: libsamba-util-dev
>> Version: 4.0.0~beta2+dfsg1-3.2
>> Severity: serious
>> User: firstname.lastname@example.org
>> Usertags: piuparts, broken-symlink, broken-symlink-shared-library
>> During a test with piuparts, I noticed your package is
>> responsible for the presence of broken symlinks involving
>> a shared library. Such failures may indicate a significant
>> problem with the package.
> "serious" when there's a grand total of 0 packages that use this -dev
> package for linking against the library? Not hardly.
> I think this severity: serious mass-bug filing is extremely poorly
> conceived. The fact that these bugs have evaded notice until a lintian
> check was added means that they do *not* have a high impact on the quality
> of the release. If they did, they would have turned up already by way of
> archive rebuild testing.
I'm sorry you feel this way. I used the Policy-based severity
definitions to come up with 'serious', as I described earlier in the
The bugs did not evade notice. Piuparts has been tracking this issue
for some time, as a non-failing 'issue'. Affected packages were not
failed only because the very high reverse dependency count of many of
them would have made 90+% of the distribution untestable. The rdep
count has been driven low enough recently that elevating this test has
become viable. The bug filings are a first step in that process.
I wasn't aware of the history of the lintian check.
>> This is being filed as Serious because it represents a violation
>> of Policy. Section 8 states "Packages containing shared
>> libraries must be constructed with a little care to make sure
>> that the shared library is always available".
> The packages you've filed bugs against do *not* contain shared libraries.
That's pretty much the point (and a question of semantics).
Take one of the reports for libsamba-util-dev:
# grep libtevent-util samba4-4.0.0~beta2+dfsg1/debian/*
... and libsamba-util-dev does not depend on libsamba-util0.
dpkg --contents shows that libsamba-util-dev installs two .so symlinks
that do not resolve to a valid targets.
So, I claim that libsamba-util-dev is purporting to provide two shared
libraries without following through on the contract. That is what I am
calling a serious bug, as defined by Policy.
It looks like the simple fix here is to add a Depends on libsamba-util0.
> You also did not achieve a consensus on debian-devel in favor of this mass
> bug filing before reporting these bugs. At least one person objected to you
> filing these at severity: serious; another objected to this being considered
> an error at all.
> While in the case of these two bug reports it's definitely a bug in the
> packages and should be fixed, it's nowhere near severity: serious. I
> suspect most of the other bugs are similar.
> Please downgrade the bugs from your MBF to a more appropriate severity.
Again, I am sorry for the confusion. I felt I had achieved consensus,
as evidenced by a quieting of the thread, and no attempts at rebutting
the Policy justification.
I guess the next step is a clearer statement of consensus on what to do next.
My position - I believe that the bug submittal, and the current
severity, is appropriate.
I will make changes should consensus dictate. (I may need some help
determining what constitutes consensus).