Re: Is the Debian dependency system broken? (wget vs libgnutls-deb0-28)
On Sun, Jun 14, 2015, at 17:26, Russ Allbery wrote:
> Simon McVittie <firstname.lastname@example.org> writes:
> > This is a recurring (anti-)pattern:
> > * an ABI-stable, high-level library, say libhigh0, links to a
> > lower-level library, say liblow0
> > * we have an ABI transition from liblow0 to liblow1
> > * liblow0 and liblow1 do not both have versioned symbols
> And this point is the root of the problem.
> When I'm in a particular tilting at windmills mood, I think we should
> stop accepting new shared libraries in Debian that don't use symbol
> versioning, and make adding symbol versioning mandatory the next time the
> SONAME changes. I know this is a ton of work for a lot of edge packages
> where the upstream maintainers are building shared libraries without
> really understanding how they work, but it's so hard to properly manage
> library upgrades without symbol versioning.
I'd second that requirement, provided that we come up with helpful
documentation that we can point upstream to, teaching them the ins and
outs of proper library ABI management using *easy* symbol versioning
(i.e. symbol version based on the soname: it really doesn't need to be
the advanced stuff done by the libc for the vast majority of the
This specific breakage anti-pattern has been breaking Linux systems for
nearly two decades.
Another related anti-pattern is caused by globally switchable behavior
in liblow0: library-wide behavior must be context based, otherwise you
can have the application asking for one setting, and underyling
libraries wanting other (possibly diverse) settings.
Some of us still remember the damage caused by this anti-pattern in
Cyrus SASL, many years ago.
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique de Moraes Holschuh <email@example.com>