Re: Adding version constraints in dependencies to avoid bugs

[Simon McVittie <smcv@debian.org>]

On Thu, 15 Sep 2016 at 23:50:33 +0200, Thomas Goirand wrote:
> Recently, the upload python-cryptography broke pyopenssl, and pyopenssl
> had to be upgraded to support the new python-cryptography (I don't have
> the exact details, but it doesn't mater much here...).

The situation here is that pyopenssl (Build-)Depends on -cryptography and
zigos-package Depends on pyopenssl (and possibly -cryptography), right?

The line I would draw is that if it's a deliberate change in -cryptography
(what the older pyopenssl did was once considered valid but is now
considered to be wrong) or if pyopenssl/stable breaks badly with
-cryptography/unstable, then -cryptography should have Breaks: pyopenssl
(<< ...) to force lockstep upgrades; if it's an ordinary bug in pyopenssl
(the older pyopenssl was always wrong, it just matters more now) then
no action is needed other than fixing its bug; and adding spurious
(build-)dependencies to a third package that merely got mixed up in this
just seems wrong in any case.

    S