Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
On 14/06/15 17:19, Felipe Sateler wrote:
> I think either libgnutls-deb0-28 or libnettle6 should add a Breaks:
> libnettle4, to ensure all related packages are upgraded in lockstep.
This is a recurring (anti-)pattern:
* an ABI-stable, high-level library, say libhigh0, links to a
lower-level library, say liblow0
* we have an ABI transition from liblow0 to liblow1
* liblow0 and liblow1 do not both have versioned symbols
* binaries linked to libhigh0, but whose only reference to liblow* is
via libhigh0, upgrade gracefully
* binaries that end up with both liblow0 and liblow1 in their address
For instance, in this particular case, libhigh is gnutls and liblow is
nettle. The GNOME team sees this every few GNOME release cycles with
clutter (which is long-term ABI-stable) and its dependency cogl (which
isn't). I'm sure there are plenty more examples.
Linking with -Wl,--as-needed and making use of pkg-config's
Requires.private mitigates this problem by reducing the number of
binaries explicitly linked to both libhigh0 and liblow, but doesn't
solve it for anything that does explicitly use liblow functionality.
One solution is to give the lower-level library versioned symbols, with
at least one unique version per SONAME. That's how libjpeg and libpng
avoid breaking lots of GUIs every time they bump SONAME, for instance.
Another solution is to add enough Breaks to force a lockstep upgrade,
which is how the GNOME team deals with it for clutter/cogl AIUI.