Re: Adding version constraints in dependencies to avoid bugs

[Thomas Goirand <zigo@debian.org>]

On 09/16/2016 01:20 AM, Santiago Vila wrote:
> On Thu, Sep 15, 2016 at 06:04:54PM -0400, Scott Kitterman wrote:
> 
>> I think it would be simpler and more correct for python-cryptography to 
>> declare a breaks relationship with python-openssl, e.g. (in the binary control 
>> stanza for python-cryptography):
>>
>> Breaks: python-openssl (<< FIRST_NOT_BROKEN_VERSION~)
>>
>> That should ensure python-openssl is upgraded with python-cryptography without 
>> having to touch an entire stack of rdepends.
> 
> Hello.
> 
> I was the one who asked for these build-depends to become versioned.
> 
> My rationale for that is in policy when it says that "it must be
> possible to build the package when the build-dependencies are met".

Which would be handled by what proposed Scott, which is done already
(see below).

> Your proposed solution, Scott, seems indeed a lot better than updating
> the build-depends of a bunch of packages, and it makes the policy
> requirement to be met in a different way, namely, by not allowing
> the affected packages to be built with build-dependencies which are
> known to be incompatible.

I don't agree, I think Scott's proposal is sound.

> Thomas: Would you take care of filing whatever bug is necessary for
> this solution to be implemented?

That's IMO not needed, as python-cryptography 1.5-2 already has:

Breaks: python-openssl (<< 16.0.0)

Cheers,

Thomas Goirand (zigo)