[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)

On 2015-06-14 18:43:33 +0200, Marc Haber wrote:
> On Sun, 14 Jun 2015 16:03:32 +0200, Vincent Lefevre
> <vincent@vinc17.net> wrote:
> >Normally, a well-designed dependency system should make sure that the
> >user cannot install an incorrect combination of packages (avoiding
> >segmentation faults and internal errors), e.g. during a partial
> >upgrade. But it appears that this is not the case, and users are
> >required to do "apt-get (dist-)upgrade" and can no longer rely on
> >"apt-get install <some package>" to upgrade just the wanted package
> >and dependencies:
> >
> >  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788710#10
> >
> >Note that the problem still occurs on an available set of packages:
> >just start with a Debian/stable system (jessie) and upgrade
> >libgnutls-deb0-28 to unstable (no dependencies/conflicts will
> >yield an upgrade of wget, which will occasionally segfault).
> So gnutls-deb0-28 needs a versioned dependency on the correct wget
> version. Is that a problem?

The bug was closed without fixing the dependency (gnutls-deb0-28
should actually break libnettle4).

> btw, please read up on bug severities. I consider filing this bug as
> "grave" quite short of being offensive.

Well, I got segfaults and internal errors on various websites. A
package that is broken at this point is almost completely unusable,
so that it deserves a "grave" bug. Note that I hadn't thought that
this was a dependency problem precisely because libgnutls-deb0-28
allowed such a package combination.

Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to: