[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)

On Sun, 14 Jun 2015 13:26:26 -0700
Russ Allbery <rra@debian.org> wrote:

> Simon McVittie <smcv@debian.org> writes:
> > This is a recurring (anti-)pattern:
> > * an ABI-stable, high-level library, say libhigh0, links to a
> >   lower-level library, say liblow0
> > * we have an ABI transition from liblow0 to liblow1
> > * liblow0 and liblow1 do not both have versioned symbols
> And this point is the root of the problem.
> When I'm in a particular tilting at windmills mood, I think we should
> just stop accepting new shared libraries in Debian that don't use
> symbol versioning, and make adding symbol versioning mandatory the
> next time the SONAME changes. 

With the proviso that "ignoring/fudging" a SONAME change to avoid this
step is an RC bug. A SONAME change going through NEW which doesn't
include symbol versioning should be a reject.

The work to generate the symbols has already been done but needs a new
maintainer (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543640).
That would need to be fixed first.

> I know this is a ton of work for a lot
> of edge packages where the upstream maintainers are building shared
> libraries without really understanding how they work, but it's so
> hard to properly manage library upgrades without symbol versioning.

Yet these are precisely the packages (and upstreams) which are most in
need of such a requirement.


Neil Williams

Attachment: pgpnZMXxN2jUc.pgp
Description: OpenPGP digital signature

Reply to: