Re: missing recommends are not RC severity

To: debian-devel@lists.debian.org
Subject: Re: missing recommends are not RC severity
From: Roberto C. Sánchez <roberto@debian.org>
Date: Tue, 17 Apr 2018 09:54:52 -0400
Message-id: <[🔎] 20180417135452.rhk4uizndpktpwy6@connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] CAAajCMYFdpkHhxSD27TFSLYjWHesascmXq3KNBpXN9H-D=5fnA@mail.gmail.com>
References: <[🔎] 57647978-536a-79dc-2e64-da01430b5692@rolf.leggewie.biz> <[🔎] 0a64fa97-291a-6b54-142f-14ac1c519a44@debian.org> <[🔎] 55931a5d-0a29-387d-870c-fa89931a53ff@rolf.leggewie.biz> <[🔎] CAAajCMarPr+BYnFB85PDQiu+puAnRup_GZ3z-WuZ3khZ1HXR8A@mail.gmail.com> <[🔎] 20180417125232.b3fyh6bpe55tbxvi@layer-acht.org> <[🔎] 3DE40937-17C7-4282-932C-9CF2D5359495@kitterman.com> <[🔎] 20180417131602.2n3n37zb45cookca@layer-acht.org> <[🔎] CAAajCMYFdpkHhxSD27TFSLYjWHesascmXq3KNBpXN9H-D=5fnA@mail.gmail.com>

On Tue, Apr 17, 2018 at 09:21:31AM -0400, Jeremy Bicha wrote:
> On Tue, Apr 17, 2018 at 9:16 AM, Holger Levsen <holger@layer-acht.org> wrote:
> > (not sure this makes sense as the practical impact is a normal bug, but
> 
> Since I was CC'd on this email and I've filed several Serious bugs for
> this issue, here is what I've been using lately:
> 
> "It is my understanding that is a RC bug for package to recommend a
> library that has been removed from Testing because recommended
> packages won't be auto-removed on upgrade."
> 
> That means users will have libraries installed that will not get any
> security support. I think that's an RC issue.
> 
Except that the reasoning breaks down when you consider that
auto-removal of packages is a function of the package management front
end and not of dpkg itself (which is responsible for validating the
relationships between packages).

There are plenty of available tools to identify system cruft, including
packages that are no longer receiving security support and packages
which do not exist in the current suite/release for which the system is
configured.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Reply to:

References:
- Lucas Kanashiro and Athos Ribeiro hijack my package
  - From: Rolf Leggewie <foss@rolf.leggewie.biz>
- Re: Lucas Kanashiro and Athos Ribeiro hijack my package
  - From: Lucas Kanashiro <kanashiro@debian.org>
- Re: hijack of gjots2 package
  - From: Rolf Leggewie <foss@rolf.leggewie.biz>
- Re: hijack of gjots2 package
  - From: Jeremy Bicha <jbicha@debian.org>
- missing recommends are not RC severity
  - From: Holger Levsen <holger@layer-acht.org>
- Re: missing recommends are not RC severity
  - From: Scott Kitterman <debian@kitterman.com>
- Re: missing recommends are not RC severity
  - From: Holger Levsen <holger@layer-acht.org>
- Re: missing recommends are not RC severity
  - From: Jeremy Bicha <jbicha@debian.org>

Prev by Date: Re: missing recommends are not RC severity
Next by Date: Re: MBF proposal: python modules that fail to import
Previous by thread: Re: missing recommends are not RC severity
Next by thread: Re: missing recommends are not RC severity
Index(es):
- Date
- Thread