Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
On 2015-06-14 18:43:33 +0200, Marc Haber wrote:
> On Sun, 14 Jun 2015 16:03:32 +0200, Vincent Lefevre
> <firstname.lastname@example.org> wrote:
> >Normally, a well-designed dependency system should make sure that the
> >user cannot install an incorrect combination of packages (avoiding
> >segmentation faults and internal errors), e.g. during a partial
> >upgrade. But it appears that this is not the case, and users are
> >required to do "apt-get (dist-)upgrade" and can no longer rely on
> >"apt-get install <some package>" to upgrade just the wanted package
> >and dependencies:
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788710#10
> >Note that the problem still occurs on an available set of packages:
> >just start with a Debian/stable system (jessie) and upgrade
> >libgnutls-deb0-28 to unstable (no dependencies/conflicts will
> >yield an upgrade of wget, which will occasionally segfault).
> So gnutls-deb0-28 needs a versioned dependency on the correct wget
> version. Is that a problem?
The bug was closed without fixing the dependency (gnutls-deb0-28
should actually break libnettle4).
> btw, please read up on bug severities. I consider filing this bug as
> "grave" quite short of being offensive.
Well, I got segfaults and internal errors on various websites. A
package that is broken at this point is almost completely unusable,
so that it deserves a "grave" bug. Note that I hadn't thought that
this was a dependency problem precisely because libgnutls-deb0-28
allowed such a package combination.
Vincent Lefèvre <email@example.com> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)