[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)

On 2015-06-14 18:15:33 +0200, Dominik George wrote:
> Hi,
> > Note that the problem still occurs on an available set of packages:
> > just start with a Debian/stable system (jessie) and upgrade
> > libgnutls-deb0-28 to unstable (no dependencies/conflicts will
> > yield an upgrade of wget, which will occasionally segfault).
> well, then, obviously, the dependency on libgnutls-deb0-28 (>= 3.3.0) in
> wget is a bit too optimistic. This could have been prevented by the wget
> maintainer selecting a more restrictive set ot libgnutls versions,
> probably just 3.3.0.

Well, there are two things that one wants to avoid:

1. Upgrading libgnutls-deb0-28 to a version using libnettle6 without
   upgrading the packages that depend on libgnutls-deb0-28 and use
   libnettle4. This is the problem I've mentioned here. And there's
   now the following bug reported by Felipe Sateler:


   (Bug 788710 shouldn't have been closed, but changed to something
   like what bug 788735 says.)

2. Upgrading wget to to a version using libnettle6 without upgrading
   libgnutls-deb0-28 to such a version too. For this point, I agree
   that the dependency on libgnutls-deb0-28 (>= 3.3.0) in wget is too
   optimistic. That's the following bug:


BTW, if wget had the correct dependency, I would probably never have
seen problem (1).

> In any case, this is nothing any package dependency system could fix
> unless told about the situation, because, as noted above, there even is
> an expressly written rule stating that 3.3.15, being >= 3.3.0, is
> perfectly ok, and that's what apt takes into account, and that's the
> best it can do.

OK, so, that's more a problem with developers who close bugs without
fixing the dependencies.

Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to: