Re: Adding version constraints in dependencies to avoid bugs

[Adam Borowski <kilobyte@angband.pl>]

On Fri, Sep 16, 2016 at 09:57:43AM +0100, Santiago Vila wrote:
> On Fri, Sep 16, 2016 at 09:40:54AM +0100, Simon McVittie wrote:
> > On Thu, 15 Sep 2016 at 23:50:33 +0200, Thomas Goirand wrote:
> > > Recently, the upload python-cryptography broke pyopenssl, and pyopenssl
> > > had to be upgraded to support the new python-cryptography (I don't have
> > > the exact details, but it doesn't mater much here...).
> > 
> > The situation here is that pyopenssl (Build-)Depends on -cryptography and
> > zigos-package Depends on pyopenssl (and possibly -cryptography), right?
> 
> More precisely, zigos-package *Build-Depends* on python-openssl, so a
> more appropriate subject for this would have been "Making build-depends
> versioned to avoid *FTBFS* bugs".
> 
> I consider this distinction important, as this is not just an "ordinary bug",
> it's a bug which breaks our promise that a source package will build
> from source provided its build-dependencies are fulfilled.

To the contrary, unlike regular bugs, I'd say BUILD-dependencies have any
reason to be considered only at most for package versions in:
* stable
* stable-backports
* frozen testing (ie, to-become-stable, not in the middle of the cycle)
* unstable
* when you have a reason to care: experimental
* perhaps some major derivatives
without any heed for mixes of the above.

On the other hand, regular bugs may be meaningful for any version that was
in unstable even for a single dinstall, so it'd be nice to consider having
Breaks at least for data-loss bugs.

On the third hand, _upgrade_ bugs need to have Breaks for any combination of
package versions since last stable, in every case.


-- 
Second "wet cat laying down on a powered-on box-less SoC on the desk" close
shave in a week.  Protect your ARMs, folks!