Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
On Sun, Jun 14, 2015 at 05:50:02PM +0100, Simon McVittie wrote:
> On 14/06/15 17:19, Felipe Sateler wrote:
> > I think either libgnutls-deb0-28 or libnettle6 should add a Breaks:
> > libnettle4, to ensure all related packages are upgraded in lockstep.
> This is a recurring (anti-)pattern:
> * an ABI-stable, high-level library, say libhigh0, links to a
> lower-level library, say liblow0
> * we have an ABI transition from liblow0 to liblow1
> * liblow0 and liblow1 do not both have versioned symbols
> * binaries linked to libhigh0, but whose only reference to liblow* is
> via libhigh0, upgrade gracefully
> * binaries that end up with both liblow0 and liblow1 in their address
> space crash
> For instance, in this particular case, libhigh is gnutls and liblow is
> nettle. The GNOME team sees this every few GNOME release cycles with
> clutter (which is long-term ABI-stable) and its dependency cogl (which
> isn't). I'm sure there are plenty more examples.
> Linking with -Wl,--as-needed and making use of pkg-config's
> Requires.private mitigates this problem by reducing the number of
> binaries explicitly linked to both libhigh0 and liblow, but doesn't
> solve it for anything that does explicitly use liblow functionality.
> One solution is to give the lower-level library versioned symbols, with
> at least one unique version per SONAME. That's how libjpeg and libpng
> avoid breaking lots of GUIs every time they bump SONAME, for instance.
> Another solution is to add enough Breaks to force a lockstep upgrade,
> which is how the GNOME team deals with it for clutter/cogl AIUI.
Hrm, you're not coming to DebConf15, right?
I think a talk like "Best Practises for Debian Library Packaging" would
be well-received, I am not sure we had something like this decade...
(the CfP would be open for another 24 hours)