Ansgar <ansgar@43-1.org> writes: >> * doing this will, in a non-negligible number of cases, trigger the >> bug to manifest on systems where that package is upgraded from a >> version where the move had not taken place to one where it has. > > Why do you claim that? > > Given packages already did such moves in the last years and you claim > this happens in a non-negligible number of cases, could you please > point to some examples where this already happens in practice? My understanding is that in order to trigger this bug you need at least to both move a file from one place to the other, and also to rename the package that contains that file or move ownership to another package. I suspect that you might also need to be unlucky with the order that apt/dpkg decides to do the installation and, depending upon how far apart the move and the rename happens, also unlucky with your choice of from and to versions of the packages in question. Given that these bugs are going to be utter bastards to reproduce, and you can be sure that we'll have enough diversity in installed systems that some people are going to manage to be sufficiently unlucky, it would be nice to know the sort of damage we might expect. It strikes me that we ought to be able to screen our own repos for packages that could be able to tickle this bug. That would give us the chance to look at what sorts of files we might realistically expect to be clobbered, it should give some indication of how many packages we should expect to be able to trigger this, and knowing this might suggest plausible work-arounds. Of course, that doesn't help with packages from third-party repos, including our downstreams, but at present we seem to be discussing this with very little hard data. It occurs to me that one could lose quite a few files on the average Debian install (if they were selected at random) without even noticing, whereas a very few files would render systems unbootable, so knowing a bit more about which files are realistically at risk would be very helpful in understanding the severity of the problem. If anyone's got good ideas about how to gather this information, I'm very happy to help with the effort to do so. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/ http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
Attachment:
signature.asc
Description: PGP signature